“Why can’t I send the password through email? It’s super easy and convenient!”
The potential for accidental disclosure of private information is high. Employees may not understand the consequences of such disclosure or may not be aware of the confidentiality of certain types of data.
Sending passwords through email is a common practice in the work place which is a bad habit. If you are on the receiving end of a password transferred, be sure to change it immediately after logging into the desired system.
Emailed passwords are dangerous because:
- email is sent in plain text
- email often is stored on several systems along the way to your mailbox
- email often is stored on your computer in plain text or other unencrypted format
- many copies may exist in many places, even after “deletion”
- your account’s security may have been compromised even before you read your email (changing the password will not help in this case)
Whether you are sending or receiving a password, security best practices recommend that you avoid email entirely and use the phone or Encrypted Instant Messaging instead.
At Connectria we play it safe and use our secure customer portal which encrypts all communication between our engineers and customers.