Padlock

How To Send Passwords Securely

At times you may need to share passwords with someone else, for example, someone who’s going to work on your website, or someone who is managing your Google Business listings for you.

If you do need to share a password, it’s not a good idea to send it in plain text by email. Email messages aren’t very secure. Other people besides the one that you are sending it to can, at times, gain access to it. Email isn’t necessarily transmitted securely. And emails can stay around a long time on a computer, meaning they can be found later, causing you trouble down the road.

There are a number of ways to send password securely. To keep this simple, I’ll describe how to use one approach that’s fairly straightforward that has worked for me in the past.

OneTimeSecret.com

This service provides a secure way to share a password with someone else: https://onetimesecret.com/

Basically, you paste in the information that you want to share, then click “Create a secret link.”

Your message will be encrypted, then you will be given a link that you can copy and paste into an email message that you send to the person that needs the information.

When they receive the email, they’ll click the link, and it will show them the “secret information,” which is the password and whatever else you sent them. They’ll only be able to see the information once, then it will be deleted automatically.

For extra security, you can add a passphrase that’s difficult to guess that you then share with them some other way (via a text message or phone call, for example). You can also set the link to expire after 7 days or some other time period.

Using One Time Secret ensures that you won’t be sending the password in “clear text” where anyone who can read the email can see the password. And it means that you won’t inadvertently be leaving a copy of the password on someone else’s computer indefinitely where it can be easily compromised sometime in the future.

Other Concerns

Of course, using this solution implies that you trust One Time Secret. If you don’t then you can peruse their code on github and even host their code yourself, if necessary.