{"id":44608,"date":"2020-10-05T07:18:54","date_gmt":"2020-10-05T07:18:54","guid":{"rendered":"https:\/\/www.glassmountains.co.uk\/?p=44608"},"modified":"2021-01-30T11:29:08","modified_gmt":"2021-01-30T11:29:08","slug":"sending-passwords-securely","status":"publish","type":"post","link":"https:\/\/www.glassmountains.co.uk\/campfire\/sending-passwords-securely\/","title":{"rendered":"Sending passwords (securely)"},"content":{"rendered":"
As a WordPress development & support company, we tend to have access to lots of clients’ website credentials, and we often need to send passwords to clients. In this article, we’ll explore how we do that as securely as possible.<\/p>\n
First, let’s look at how not<\/em> to do it\u2026<\/p>\n
Plain Text<\/h2>\n
When providing someone with credentials to a website (credentials<\/em> being the username\/password combination), you may first reach for the obvious tool: email.<\/p>\n
The problem with email is this: email accounts are prone to being hacked, and if they are<\/em> hacked, all emails are typically stored in plain text – giving hackers a massive database of opportunities.<\/p>\n
Breaking up (is hard to do)<\/h3>\n
One method to improve on this is to break up the credentials into two separate emails; password in one email, username in the other. For the same reason as above, this doesn’t add much more protection.<\/p>\n
Crossing the Streams<\/h3>\n
A further extension to the above is to send the password via a different channel like WhatsApp, text message, or Facebook Messenger etc. These are certainly better than email, though this method is not foolproof.<\/p>\n
Tip: if you do this, the best method is to warn the recipient that you are sending the details via email, and then send the password (and only<\/strong> the password) in the other channel (e.g. WhatsApp). That way your WhatsApp message has no context as to what the password means or gives access to.<\/em><\/p>\n
Alternative: One Time Secret<\/h2>\n
A better method still is this: grant the recipient one time access<\/em> to the password information using a system like One Time Secret<\/a>:<\/p>\n