How to Send a Password Securely
Sending passwords for any type of access is best avoided wherever possible. However, there are circumstances where you may need to do so, and in those cases you MUST ensure you 100% trust the person / organisation receiving those credentials. Once you have exhausted all other options, there are a few steps we recommend you take before sharing the password.
Option 1 – Use a password manager
Ideally, share access through a password manager. If you’re an existing client of ours you’ll probably already know we’re current users of LastPass. Within this application you can share access to a website without the 3rd party ever seeing the actual password. Pretty neat stuff. You can also create sharable folders if you’re collaborating with another organisation and may be sharing a single login.
This is the preferred option, but we appreciate it is not always the most convenient, especially if you’re in a rush or need something resolved quickly. In these circumstances, Option 2 is probably more what you’re after.
Option 2 – Send in a secure way
- IMPORTANT: Ensure your password is unique (i.e. not something you use in 10+ other places). We recommend something that looks like this: “43Q336ep6&WA&r#”
- DO NOT send as a plain text email. Instead opt for a service like https://onetimesecret.com/ where you can keep sensitive information out of your email and chat logs.
- Final Step: Once the provider has done what they need to, reset the password so it’s anonymised once again.
How to use One Time Secret
Step 1: Create a Secret URL
When using One Time Secret, just place the sensitive information in the box. We recommend sending only the password, as this piece of information on its own is not identifiable. Once created, you will be provided with a sharable link from which the hidden information can only ever be retrieved ONCE.
Step 2: Copy the Secret URL
The URL will be displayed in yellow after you “create a secret link”
Step 3: Send the Secret URL to the 3rd Party
Send an email to whoever needs access with something that looks like this:
Login URL: https://example.com
Expires after one use OR after 7 days
Once viewed (or left to expire) it can never be viewed again. If they do click the link within the desired time frame they will see the first 2 screenshots. The 3rd image is what you’ll see after it has been viewed / expired.
Whilst sending a password is not always ideal, sometimes it’s necessary. So when those circumstances do arise, try to do this in the safest and most secure way possible. Here at Spotlight Studios we use a combination of LastPass and OneTimeSecret for internal/external password related communications and sharing.