Secure Ways To Share Account Credentials with an Agency
Is sharing login information via email safe?
While sending your login credentials over email may be the simplest option, it’s actually not very secure. There are several more secure ways to share that information with someone that we will go over, and if you still like the convenience of or need to send it through an email, we have some straightforward advice to make reduce your vulnerability to hackers.
Why is email not a secure way to share account credentials?
Now that we have established that email isn’t secure for sending sensitive information and that there are better ways to send it. I think it deserves a little addressing as to why is it not safe. So let’s dive in:
- The Information is Unencrypted – The contents of your emails are usually sent and stored in an unencrypted format. Encrypted connections are used for transferring sensitive data. Many email transmissions do not get sent this way. In addition, the storage of the data on servers that handle the email sending, logging, and storing rarely encrypts that data.
- It’s Stored on Several Systems – There are multiple systems involved with email. If even one of those systems is compromised, so is your entire email log. A hacker could easily do a search for “password” or something like that and find any password you have laying around in your inbox or email logs.
- It’s Difficult to Completely Remove – Even if you delete your email, that could still be sitting in your trashes, archives, or even in the recipient’s inbox! If you use one or several third-party inboxes (mobile, desktop, cloud) each one of those is storing that information, so are the recipients. Not to mention if your email server logs the contents of your emails, then it is accessible there too.
- It’s On Your Workstation – Because most people have a desktop or mobile app for emailing it means anyone who happens to have access to those devices has access to your emails.
- Hackers Have Many In Roads – By having multiple systems, devices, and people (ie you and the recipient) storing this sensitive information in an unencrypted way, you give a hacker a lot of potential ways to access that information. So the email route inevitably carries with it vulnerabilities that can be avoided.
What Better Ways are There to Share Usernames and Passwords?
Now that we established some problems with email for sending sensitive formation let’s talk about better solutions. The best solution is to create the agency or personal account of their own. This will enable them access without sharing your personal information. If they reset the password immediately, even sending a temporary password over email won’t really matter since the password would be changed quickly.
However, some accounts require additional costs to create more users or do not allow for multiple users. For those, we have listed out some methods to use, starting with our favorite.
Method 1: Use a secure online form
On our secure order forms, we have fields where users can enter their username and password if we need it. If your agency has something like this in place, we recommend using it, because the information is passed through a secure form and it lives in a limited number of systems that are easy to remove. It is much safer than email.
We personally transfer this info into a password manager, so that it becomes the only place where your password is stored.
Method 2: Use a Password Manager
There are several great password managers out there. A password manager or vault allows you to securely generate, store, update, organize, and share your login information. The general idea is you have one password that gives you access to all your stored passwords. These are commonly used in agencies and amongst developers who need to keep track of a lot of different passwords and share them within teams without security issues.
We like the following password vaults:
- 1Password – Our favorite for its beautiful user interface and rich features
- LastPass – A great alternative with similar features and more flexible plans
To share a password, you would simply use the password vault’s app to share it. Each one has different methods for doing this, but they are very straightforward for sharing passwords with 1Password and sharing with LastPass. With either option, the recipient will need an account with that platform to access it.
What makes this much more secure than sending directly through email is that the information is encrypted and it requires them to have/set up an account to access the credentials you share with them. Why that is so critical, is it means none of the sensitive information is never stored on an unencrypted system and it requires the user to login to a very secure system to view that information.
Method 3: Transfer over Paper or Call
One way to avoid emailing sensitive information or setting up new accounts is by writing it on paper and handing it to the person or by giving them a call and giving the password over the phone.
These methods mean no stored passwords, if you do choose to write it down, just be sure to securely dispose of the paper!
Method 4: Send via Chat
Chat services are a secure way to send information. Many website chat services can handle secure information including passwords.
Chat is more secure than email for these reasons: The data transfer is encrypted, the stored information is password-protected even being 2-Factor Authentication capable, usually limited to a single system, and the data is easy to remove.
If you have a communication system like Slack, this can also be a good method for sharing passwords. The reason is that you can edit or delete your message shortly after sending it. So that password doesn’t stay on the system for very long. Just make sure you take that extra step of removing the message.
How to Securely Send a Password via Email
If you are aware of the inherent security risks but still need to send a password via email there are ways you can mitigate those risks. However, we also recommend taking these precautions for all the methods above as well.
Recommended precautions for sharing your account information
- Change Your Password Before Sending – If you use the same password for multiple accounts, or if you have memorized a certain password. We recommend changing it before sending it so the password you share is unique from any other account. Having unique passwords for every account is a best practice for password security and we recommend it for every method.
- Change Your Password After Completion – Even if the agency or person you work with is a trustworthy entity, it’s a good idea to change your password after they are done with the project, task, or service. You just don’t want people having the keys to your account who don’t need them.