One of the earliest parts of our conversations with new clients is the question, “Can you send me over your login details to your hosting, domain name registration and website?”
But before we can start to tell them how to share the details with us safely, the complete login details often land in our email inbox, helpfully labelled “Here are our passwords”.
And we shudder.
What is wrong with this picture?
Let’s take a step back and share the true story of one of our tradie clients.
Not too long ago, he was with a dodgy hosting company and hadn’t been keeping his website tech stuff updated.
This was a ticking time bomb, and before too long, the hackers had struck and had not just gotten into his website but had made their way into his hosting (and his emails).
One of the first things that many hackers do is search for the terms “Username” or “Password” in emails.
These hackers found a treasure trove of login details that the tradie had shared via email with his virtual assistant, and merrily took over his Facebook/Instagram accounts, and had a field day shopping up a storm on many of his accounts. The tradie is still unravelling the financial damage months later.
So, sending usernames and emails via regular emails is bad! Very bad! As bad as you having enjoyed half of your pizza before realizing that it wasn’t pesto but mould on your mozzarella sort of bad.
But you still need to get your login and password details over to your virtual assistant, web designer, marketer, or IT guru.
What do you do?
You can invest in corporate level password keeper programs that allow you to sync and share passwords across teams. But if you are not of that scale, or you just want to only share one thing with one person, then the password keeper solutions may be overkill.
You can also try phoning and telling the person over the phone. This is my least preferred option. “Was that a capital or a lowercase? How many zeros again? Can you describe which angle the line is slanted? Nope that still doesn’t work.”
Here are three easy options to share confidential information with people that won’t create security dramas for you down the track.
1. Combination – Email/Text
The simplest solution for many people is to send the username via email and then text through the password to the person who needs to receive it.
This works well when the password is short (and insecure). But by the time you are hitting 16 characters + passwords, the person receiving it is likely to make mistakes when they try to transcribe it (and then mutter words that would make your mother blush).
2. Dropbox / OneDrive
You can set up a folder in Dropbox or OneDrive and then share the folder with the person who needs to access it. Inside the folder, pop your passwords into a simple Word or Excel document.
Extra bonus points if you password protect the Word or Excel document. Then you can share the password for the password protection via text or one of the other methods we outline below.
We love this method. It is simple and elegant. However, if one of the parties doesn’t use Dropbox or OneDrive (or want to use them), you need to consider other options.
3. Online Tools – Quick Forget / InfoEncrypt
There are some useful online tools designed to help send sensitive information via email. Two of our favourites are Quick Forget and InfoEncrypt.
The beauty of these tools are that your information self-destructs just like in any good spy movie (but without the trench coats, bad accents, and bursts of flames while the secret burns).
The person setting the secret can choose how quickly the information destructs – ranging from a single view through to a few days.
These two tools don’t set cookies, add metadata, or save any identifiable information about you.
They are free and easy to use, and they allow the end reader to copy and paste the secret information, rather than manually having to read things back only to make a mistake.
Quick tip no matter what tool you use, keep your information sharing bland. Instead of username – you could just say U Instead of password – just say P.
If you need to share a URL login link as well as the username and password, create two secrets: One for the URL and one for the Username and Password.
Try not to have all the information that someone would need to access critical information in one location.
How to Share Information Using QuickForget
- Go to QuickForget
- Enter in your secret.
- QuickForget allows you to upload files (We don’t recommend you do that. Use Dropbox instead for file sharing).
- Choose how many views or how many times the secret can be seen before it self-destructs. (Hint: You “checking” the link to see if it worked is counted). The default number of views is 2.
- Choose in how many hours your secret will self-destruct. This means that even if the person you send it to doesn’t look at the secret, your information will still self-destruct when you tell it to. The default is 72 hours. I usually shorten this to 24 hours or less.
- Click the Save My Secret button.
- You will then be taken to a screen with a URL link. Triple-click into the little white box with the URL to select the entire string of numbers, then right-click and choose to copy the link. Paste it into an email you send your web or IT person.
- While you can use the email this link button (it auto-generates an email for you to send), I am personally not a fan and prefer the old school copy and paste method.
Send your QuickForget email to the person, and they will be able to access your secret just by clicking the link. When they open your link, they will also be able to see how many more times they can view your secret and when it will self-destruct.
QuickForget is easy to use, and most of my clients (no matter how tech averse) can navigate it.
The downside is anyone with the link can view your information, so keep the number of views to a bare minimum and keep the time until self-destruction short to reduce the risk.
How to Share Information Using InfoEncrypt
InfoEncrypt is designed for even more secure information sharing than QuickForget.
InfoEncrypt, like its name suggests, encrypts your information, and while you still get a URL to share, you also need to share the decryption password with the end-user; otherwise, no one sees anything.
So that even if your URL falls into the wrong hands unless they also have the password to decrypt the information, then your information remains safe.
The other difference is that the encrypted message remains alive for a fixed 90 days, at which time it then self-destructs.
For added security, only the encrypted information is stored on the host company’s servers and not the original message or the password. (In other words, if you lose the password, then you can kiss goodbye to the message).
- Go to Infoencrypt.
- Enter in your secret.
- Set your password and confirm the password.
- Click the Encrypt button.
- Click the “Yes, save and give me a link” button.
- You will then be taken to a screen with a URL link. Click the link, and you will be taken to the URL.
- Copy and paste the URL into an email you send your web or IT person.
- Remember also to share the password to decrypt the message in a text or a separate message.
The bottom line is to never send all your login details to anything in an email. Always presume that emails are not the safest things in the world and will be hacked, and then take that one extra step to protect your information.
Nothing stops a determined hacker or thief. But you may as well make it a darn bit harder for them!