In your business, you use countless apps, devices and other online activities, such as social networks, with just as many passwords. These passwords are often forgotten, expire or are compromised. So you need to reset them and constantly send them back to your employees. Only, as you know, passwords should not be in the clear in an unsecured environment.
What is the best way to send passwords to your employees without compromising security? That’s what we’ll find out in this article.
1. In person
We start with a common sense measure: when the recipient of the password is only a few meters away from you, it is best to go and give it to him in person. It is much more secure than using an internal company chat or sending an e-mail.
Is your employee not working on site? You can call him/her by phone, if the security level of the mobile or fixed devices is satisfactory, or if the login/password is not too sensitive for platforms that are themselves already very secure (like social network accounts).
2. By mail
If time is not on your side, sending by post can also be considered. This solution, among the least used, is however a very secure solution. Only nowadays, we have to get the elements at the moment we ask for them…
If it is a very sensitive access, you can send it in 2 steps (login, and separate password), by registered mail, and even if possible to two different addresses. The recipient can destroy the documents once used.
3. By SMS
If the recipient has an urgent need for his accesses, it is possible to transmit to him by SMS but there too, it is necessary to take some precautions. As for the mail, it is wise to proceed in 2 times and to two different numbers.
In the first step, the connection identifier can be sent to the number of the recipient’s manager, for example, or to his personal number. The second SMS, containing the password, will be sent to his business phone number.
This way, if one of the two phones is hacked, spied on or even stolen, the hacker will only have half of the access: this will not be very useful and you will have time to react by changing the password again, in case of an alert.
Since the probability of a malicious person taking control of the two phones involved is negligible, the risk is clearly limited.
4. By Email
Of course, there is no way to send sensitive data, such as a login and password, via unencrypted email. However, it is quite simple to communicate passwords via encrypted emails.
To encrypt your emails, you can use a variety of open source software. These tools require a bit of installation and initial configuration, but it’s worth it if you need to send a lot of sensitive emails. You can turn to a tool like Enigmail.
5. With a secure password sending tool
None of the solutions listed so far are to your liking? There is one last solution: use one of the many specialized services available online.
You can use these services to send a message that will self-destruct once the recipient has viewed it, or after a time limit you set.
To ensure that you are using this method safely, be sure to send the password alone, without information about the function of the password. You can send an email to your recipient letting them know that you are going to send them the username and password for a specific service, and then send them the information through one of the services listed below.
1ty.me does not require you to create an account. Simply enter the information in the text box and click on “Generate Link”.
Copy the link and send it to your correspondent. Once the link is visited, it is destroyed and cannot be seen again.
Noteshred is free but requires you to open an account. Once your account is created, you can send a note directly from the interface.
Noteshred also shows your activity: you can see if a note has been received and read, or if it has been shredded.
Quick Forget allows you to define a “secret” to be consulted a certain number of times, then forgotten after a number of hours that you determine.
As with the other services, you will have a link to send to your recipient, and if the secret has been accessed the specified number of times, or if the time has expired, the secret is gone.
In order to ensure the security of your corporate accounts, remember also to follow the best practices to properly secure your passwords.
We also advise you to use a password manager to avoid forgetting your passwords or worse, to fill in the same one everywhere! Implementing such a solution in your company will also limit the sending of passwords between employees.