Padlock

How To Send Passwords Securely Via Email

At times you may need to share passwords via email with someone else, for example, someone who’s going to work on your website, or someone who is managing your Google Business listings for you.

If you do need to share a password, it’s a bad idea to send it in plain text by email. Email messages aren’t very secure. Other people besides the intended recipient may be able to gain access to it. And emails can stay around a long time on a computer, meaning they can be rediscovered far in the future.

There are several ways to send passwords securely. To keep this simple, I’ll describe how to use one fairly straightforward approach that has worked well for me in the past.

OneTimeSecret.com

This service provides a secure way to share a password with someone else: https://onetimesecret.com/

You paste in the information that you want to share, then click “Create a secret link.”

Your message will be encrypted, then you will be given a link that you can copy and paste into an email message that you send to the person who needs the information.

When they receive the email, they’ll click the link, and it will show them the “secret information,” which is the password and whatever else you sent them. They’ll only be able to see the information once, then it will be deleted automatically.

For extra security, you can add a passphrase that’s difficult to guess that you then share with them some other way (via a text message or phone call, for example). You can also set the link to expire after 7 days or some other period.

Using One Time Secret ensures that you won’t send the password in “clear text” where anyone who can read the email can see the password. And it means that you won’t inadvertently be leaving a copy of the password on someone else’s computer indefinitely where it can be easily compromised sometime in the future.

Other Concerns

Of course, using this solution implies that you trust One Time Secret. If you don’t, you can peruse their code on Github and even host a version of it yourself, if necessary.