|

How to Send Passwords Securely

Can You send passwords securely?

An analysis carried out on over 15 billion passwords revealed that the average password has less than 8 characters. This makes it easy for hackers to guess passwords with brute force techniques, which is why we need to take extra precautions when sending sensitive information such as passwords over email.

Yes, you can. The need to send passwords securely is more important now than ever before. The best way is usually whichever one suits your needs most – but make sure you’re doing something! Let’s go over some safety tips for sending out credentials over email or text messages. 

For those wanting the TLDR version and to get straight to the answer…

How to Send Passwords

Important Advice – Make Sure Your Passwords are Secure

We have already covered some safety tips for passwords in a previous blog post, but here are some more important pieces of information. 

  • USE A PASSWORD MANAGER – The easiest way to send passwords securely is to use a password manager. Such tools can generate secure passwords and store them for you in an encrypted vault, so that you can quickly copy and paste them into whatever website you’re signing up for without having to worry about the security of your password. If you want to get the most out of a password manager, be sure to use a very secure master password. You can use tools like 1password.com or lastpass.com.
  • ALWAYS LOG OUT OF SITES AFTER YOU’RE FINISHED – If you think one website might be compromised, don’t risk logging into the rest of them with the same password. Just to be safe, always remember to log out of sites after you’ve finished using them, especially if you’re using a public computer. Public computers are much more likely to be compromised than the ones in your own home or office, so don’t take any unnecessary risks by leaving your accounts logged in while browsing on one.
  • CREATE A STRONG, UNIQUE PASSWORD FOR EACH SITE YOU USE – Each site should have its own strong, unique password to protect the information you have there. Never use the same password twice, so that if one website is hacked, none of your other accounts are compromised.
  • CREATE PASSWORDS THAT ARE LONG – Make sure each password is long—at least twelve characters—and uses a combination of letters (both uppercase and lowercase), numbers, and symbols. Avoid using common phrases or full sentences, as well as your name, birthday, or other easily obtained personal information.
  • AVOID USING THE SAME EMAIL AND PASSWORD FOR ALL YOUR ACCOUNTS – When you use the same email and password for all of your accounts, and account is compromised, all of them are. This is especially true if the site where your password was stolen is sending a link to reset your password because they suspect that your account may have been compromised as well. These links aren’t always malicious but it only takes one bad link to give an attacker access to your password in an insecure environment such as a public WiFi.
  • MAKE SURE THAT ANY SITES WHERE YOU STORE SENSITIVE INFORMATION HAVE AN ENCRYPTED CONNECTION – Using an encrypted connection is one of the best things you can do to keep your information secure while it’s being sent. HTTPS will encrypt all communication between you and the site so that people who are located in between cannot read your traffic. For example, if you’re at a coffee shop using their WiFi then anyone on that network could potentially see your traffic. If you’re putting sensitive information onto a webserver make sure to use HTTPS for the entire site.
  • CHANGE YOUR PASSWORDS PERIODICALLY TO AVOID BEING HACKED OR HAVING THEM STOLEN FROM YOU – If you think someone might have hacked into your accounts, change your passwords periodically. If you’re especially nervous about someone hacking in, remember to use a different password at every site—that way, if one of the changes is compromised, none of the others are.
  • WHEN ENTERING PASSWORDS ON WEBSITES CHECK THEIR CERTIFICATE FIRST – Web browsers can help you with this by giving warnings when information isn’t being sent securely. A certificate will tell you the identity of a website and whether or not it’s been issued by a trusted authority. If the certificate for a site doesn’t seem valid then avoid entering your password on that site because there’s likely something wrong with it.
  • DELETE OLD EMAILS THAT CONTAIN SENSITIVE INFORMATION OR HAVE ATTACHMENTS THAT CONTAIN SENSITIVE INFORMATION – The biggest problem with old emails is that they’re likely to have attachments that are still accessible. If you have an email from years ago with a password in it then it’s definitely better to just delete the file so that it can no longer be accessed by other people. Also, if you receive an email from work with a password or other information in it then make sure to delete it because you don’t want your competitors getting their hands on that information.
  • TURN ON TWO-FACTOR AUTHENTICATION FOR ANY ACCOUNTS THAT OFFER THIS FEATURE – Two-factor authentication is when you have to provide two pieces of evidence in order for something to be verified. When it comes to your accounts this could include having a password and also having access to your phone or email account which will send you a verification code. This means that even if someone has your password they won’t be able to log in to your account because they won’t have the code sent to you.
  • INSTALL AN ANTIVIRUS SOFTWARE PRODUCT AND KEEP IT UPDATED TO PROTECT AGAINST MALWARE, VIRUSES, AND OTHER MALICIOUS PROGRAMS – A top-of-the-line antivirus product will make sure that all of your files are scanned for viruses and malware before they’re allowed to run on your device. This ensures that if someone is trying to use a virus to get into your system then the antivirus product will be able to stop it. The best types of antivirus products currently available are the ones that protect against all types of threats, not just viruses.

How to Send Your Passwords Securely

2  Options

Onetimesecret.com


This service encrypts your sensitive information and creates a link that can only be opened once. You send the link to the intended recipient and once it is opened the data cannot be retrieved again. That way, if your email is ever hacked, the link (which has already been accessed) will not expose the data.

Password Manager

Password managers like 1Password and Lastpass have the ability to securely share passwords with people inside out outside of your team while keeping the data secure. This is the ideal method of transfer, but it doest require that both parties use the same system. 

Conclusion

Remember, no matter how strong your passwords are, they will only be effective if they are kept secret. Having strong passwords means they follow proper password best practices, such as length, complexity, and other criteria. However, it makes no difference how strong a password is if it isn’t kept private. The tips above will help you send passwords securely and keep your information safe.