In this day and age, passwords are like keys, so why would you make a copy of your key and mail it to someone? Anyone?
Well, that’s exactly what you are doing when you send an email with a password in clear text, even worse when you add the credentials, like the access link and a username.
It’s like throwing your credit card after you sticked a post-it with the PIN on it.
Password managers should be all the rage now, but instead, people keep them in Excel files, text files or worse: in Google Drive documents 😱.
So please use a password manager, even it’s the one from your favourite browser (but also remember to set a password to your computer too).
There is no 100% safe way to share a password, but I’ll list a few I use:
- Call them and tell them the password or voice message them the password, easy peasy; and send the additional information on a different channel, like email or a text message. The tricky part is how they store it.
- PrivNote.com / OneTimeSecret.com – you paste the password and ONLY the password without any additional information, then send the generated link directly to the recipient and, as above, send the other information (link, username, email address) via another channel (example: send the link and username via email, and the link with the password via WhatsApp).
- Dead-Drop.me – Same idea as above, but you’ll also get another password with the link (a bit of a password headache, I know), and always share them on different channels!
- Signal’s dissapearing messages – this requires that both you and the recipient use Signal (🤖, 🍏).
- Share a KeePass database – although, ideally, you should have layers of access and each user should have their own credentials, if you must share the same credentials, a shared database over network storage or encrypted USB can do the trick. The main problem is when they leave the company and go to the competition 😨.
Hope this helps.