Sending passwords for any type of access nowadays is best avoided wherever possible. However there are circumstances where you may need to do so but you MUST ensure you 100% trust this person / organisation with those credentials. Once you have exhausted all other scenarios then there are a few steps we recommend you take before sharing said password.
Ideally using a password manager and sharing access is preferable. if you’re an existing client of ours you’ll probably already know we’re big advocates of LastPass. Within this application you can share access to a website without the 3rd party ever seeing the actual password. Pretty neat stuff. You can also create sharable folders if you’re collaborating with another organisation and are potentially using singular logins.
This is the most preferable but we appreciate not always the most convenient, especially if you’re in a rush or need something resolving quickly. In these circumstances then Step 2 is probably more what you’re after.
When using one time secret just place the sensitive information in the box. We recommend sending only the password as this piece of information on it’s own is not identifiable. Once created you will be provided with a sharable link that you can only ever retrieve the hidden information ONCE.
The URL will be displayed in yellow after you “create a secret link”
Send an email to whoever needs access with something that look like this:
Login URL: https://example.com
Expires after one use OR after 7 days
One viewed (or left to expire) it can never be viewed again. If they do click the link within the desired time frame they will see the first 2 screenshots. The 3rd image is what you’ll see after it has been viewed / expired.
Whilst sending a password in not always ideal, sometimes its necessary. So when those circumstances do arise, try and do this is the safest and most secure way possible. Here at Spotlight Studios we use a combination of LastPass and OneTimeSecret for internal/external password related communications and sharing.
Something the article peaked your interest? We’re never more than a contact form or a quick call away so please don’t hesitate to get in touch!