How to Share a Password Securely

In this article, learn how to share a password securely. Your web developer will need access to your web hosting account and FTP to create your website. You may need to create and send out  passwords for other users in your organization. How can you create good passwords and share them securely?

send your password securely by carrier pigeonIs it secure to send passwords over email?

No. Email is not a secure way to share passwords. This article from Defending Digital explains more in depth why email and text messaging are not secure systems.

When you send a password in readable text over email, it is stored on your email server. Even if you delete the email, it may go to the trash and not be deleted for some time. If someone hacks into your email, they could find a treasure trove of passwords right in your account. Beyond that, it may be stored on various servers on its way to you, and it may be intercepted on its way to you. If you receive a password by email, particularly if the username and/or the link to the service is included, log in to the service, and change your password immediately.

How can I share a password securely?

There are various services you can use to send a message that will self-destruct after the message viewed, or after a certain amount of time. To ensure you are using this type of method in a secure fashion, be sure to send the password alone, without accompanying information about what the password is for. You can email your developer to let them know you’re going to send them the username and password for a specific service, and then send the information through one of the services listed below.

  • 1TY.ME
    1ty.me doesn’t require an account. Simply enter the information in the textbox, and click on Generate Link.
    Use 1ty.me to send your passwords securely
    Copy the link and email it to your correspondent. Once the link is visited, it is destroyed in the 1ty.me system and cannot be revisited.send your passwords securely with 1ty.me
  • NOTESHRED
    Noteshred requires you to sign up for an account, but the service is free. Once you create an account, you can send a note directly from the interface.Share a password securely with Noteshred
    Noteshred also shows you your activity – you can see whether a note has been received and read, or shredded.See whether your recipient has viewed your note

    If someone does find the link to your note hanging out on a server somewhere, by the time they view it, it will look like this:

    Notes that have been viewed or expired are shredded.

  • ONE TIME SECRET
    One Time Secret works in a similar fashion. You enter your secret information, and you set the amount of time the link should be active. Once your recipient views the link, it will no longer be active or viewable by anyone ever again. If you create an account, you can further secure your message with a passphrase. If you’re not comfortable signing up for an account with your real email address, you can even sign up with a temporary one.
    Send passwords securely with onetimesecret.com
    Once the secret has been viewed, if anyone else tries to see it, they will not be able to:Your one time secret is no longer accessible once it has been viewed.
  • QUICK FORGET
    Quick Forget allows you set the secret to be viewed a specific number of times, and to be forgotten after the number of hours you determine.QuickForget.com lets you send passwords securely As with the other services, you’ll have a link to send to your recipient:
    share passwords securely with QuickForget.com
    If the secret has been viewed the allotted number of times, or the time has expired, the secret is gone: Your secret is forgotten forever
  • Another option is to store your passwords in a password manager, and give your web developer technical access to a folder containing only the sites he may need to access. To send the password manager password, use one of the methods above.

Using any of these methods to share a password securely will help protect your accounts.

Other best practices for password and access security

  • When possible, add your developer as a technical contact.
    This way, your developer can access the services required, but doesn’t have access to your billing area or other sensitive information.
  • Use secure passwords.
    How-To Geek gives some good password creation tips here. You can also use a password generator, like Password Generator or Secure Password Generator.
  • Don’t save your passwords in your browser.
    Instead, use a password manager.
  • Create a new username and password for each person on your team who requires access to the services.
    When a user moves on, you can simply remove his access rather than trying to remember all the passwords he has access to and changing them all.
  • Split up the information.
    Use one type of communication (phone, text message) to inform your contact that you’ll be sending a password to a specific service. Then use a different channel, like email, to send the link generated by one of the services above.
  • Perform periodic access audits.
    Remove any users who are no longer with your organization.

Making security a priority is the best thing you can do to keep your website, your personal information, and your visitors’ information safe.

Like it? Share it!

FacebooktwitterredditlinkedinmailFacebooktwitterredditlinkedinmail

Alisa Cognard

Alisa was one of the first team members to join Red Earth Design, Inc. in early 2004. From data entry, she progressed to MySQL database manipulation and PHP coding. Alisa is responsible for all kinds of odds and ends: installing new websites, adding features to them, programming databases, PHP coding, website troubleshooting, website security, and organizational tasks for Red Earth Design.

Leave a Reply

Your email address will not be published. Required fields are marked *