How to Share a password #passwordMonth

How to share a password in the 21st century?

This post is part of #passwordMonth at Pope Tech. All throughout October we are sharing tips on how to have a good strategy so you don’t become a story at one of our presentations.

How to share a password in the 21st century? This seems like a simple question, but it can be pretty easy to get wrong. Let’s start with how not to share a password:

 

Email your password!

This is the easiest, and our clients will generally do this if we don’t tell them not to. You shouldn’t email your passwords because email is inherently not secure: it was never designed for most of what we use it for, and sharing the password to your domain isn’t a good use of email. Emails are stored in multiple places, sometimes seemingly forever. So if either party’s email account is ever hacked and the password hasn’t been changed... you got it, so is your other account.

Emails are also not encrypted in transit. So don’t email a password!

 

Text your password!

This one is about the same as email: not secure, saved in multiple places and backed up on multiple servers.

 

Text or email them in separate messages!

On some level this is better, since someone would need both messages, but in the end it is the same risk.

 

Say it over the phone

This can be less convenient, but it is better because your password isn’t sitting in multiple indexed places where one person reusing a password on their email account could reveal it for years to come. It is not inherently secure, but your odds against getting hacked have significantly improved.

 

Well then, how can I send my passwords?

This is when people start getting frustrated: I just need to get this message to this person…

So here are 2 ways we recommend at Pope Tech for securely sharing your passwords:

  1. Use a vault manager
  2. Or secrets.pope.tech

 

Use a vault manager

This is how we share passwords internally at Pope Tech. Vault managers include LastPass, Pass Pack, and many more – you can see PC Magazine’s review here – http://www.pcmag.com/article2/0,2817,2407168,00.asp. This works great for sharing passwords when both sides use the same tool. When a client needs to send us a password, on the other hand, this won’t work, as they most likely don’t have the same tool.

Later this month we will post on Vault Managers vs. Remembering your passwords for more information on the advantages of a vault manager.

 

Use Secrets.Pope.Tech

Normally, recommending that you use our product would be shameless self-promotion, but in this case it isn’t really our product. It is an open source application that we set up on our server to make this easy for our clients, and even if you aren’t our client you can use it too. Anyone can send passwords or other sensitive data securely to anyone.

Now, when a client needs help launching their website, we send them to secrets.pope.tech. They put in the password, and the server generates a unique URL that they can send to us through the normal channels.

 

What makes this better you ask?

There are other ways to share a password, but you should make sure that whichever one you use meets the following criteria:

  • Encryption – data is encrypted with the latest standards as a fail-safe if the data does fall into the wrong hands
  • Logs or a way to know if someone else viewed the data
  • Don’t store data longer than necessary

You can see how secrets.pope.tech follows those standards here – https://secrets.pope.tech/security/.

Also of note: you can download the open source application that runs secrets.pope.tech and run it on your own server.
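To make the three criteria above concrete, here is an added sketch of a view-once secret store. It is not the code behind secrets.pope.tech, and every name in it (`create_secret`, `view_secret`, `STORE`, `VIEW_LOG`, the one-hour `TTL_SECONDS`) is an assumption. Because the Python standard library has no AES, it encrypts with a one-time pad plus an HMAC; a real deployment would use an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 3600  # assumed retention limit, not a value from the post
STORE = {}          # secret_id -> (ciphertext, tag, expires_at); no plaintext, no key
VIEW_LOG = []       # (secret_id, outcome) for every retrieval attempt


def create_secret(plaintext, now=None):
    """Keep only ciphertext server-side; return the 'id.key' token to put in the URL."""
    now = time.time() if now is None else now
    data = plaintext.encode()
    pad = secrets.token_bytes(len(data))  # one-time pad: random, same length, never reused
    ciphertext = bytes(a ^ b for a, b in zip(data, pad))
    key = pad + secrets.token_bytes(32)   # extra 32 bytes so short secrets still get a strong MAC key
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    secret_id = secrets.token_urlsafe(16)
    STORE[secret_id] = (ciphertext, tag, now + TTL_SECONDS)
    return f"{secret_id}.{key.hex()}"


def view_secret(token, now=None):
    """Return the plaintext once; None if already viewed, expired, or the key is wrong."""
    now = time.time() if now is None else now
    secret_id, _, key_hex = token.partition(".")
    record = STORE.pop(secret_id, None)   # deleted on the first attempt, whatever the outcome
    if record is None:
        VIEW_LOG.append((secret_id, "missing-or-already-viewed"))
        return None
    ciphertext, tag, expires_at = record
    if now > expires_at:
        VIEW_LOG.append((secret_id, "expired"))
        return None
    try:
        key = bytes.fromhex(key_hex)
    except ValueError:
        key = b""
    expected = hmac.new(key, ciphertext, hashlib.sha256).digest()
    if len(key) != len(ciphertext) + 32 or not hmac.compare_digest(tag, expected):
        VIEW_LOG.append((secret_id, "bad-key"))
        return None
    VIEW_LOG.append((secret_id, "viewed"))
    return bytes(a ^ b for a, b in zip(ciphertext, key)).decode()
```

If the intended recipient opens the link and gets nothing back, the log entry from the earlier view is the signal that someone else read the secret and the password should be changed.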