Contact Us
Blog June 3, 2014

Security Update: Why Avoid Sending Passwords Over Email?

“Why can’t I send the password through email? It’s super easy and convenient!”

No, unfortunately, the statement above is false…and dangerous. The potential for accidental disclosure of private information is high. Employees may not understand the consequences of such disclosure or may not be aware of the confidentiality of certain types of data.

Common-Sense Password Security Measures

To help your team conduct themselves appropriately in regard to maintaining password security, establishing company policies can help maintain consistency. At the very least, put measures in place to force all users to update default passwords. Additionally, implementing automatic password expiration periods every 60-90 days can also help ensure that any users leaving your organization, such as contractors or temporary staff, do not maintain unlimited access after they stop working for you.

Another password best practice is to encourage a minimum of eight characters or more. Managers should designate password policy settings in a single accessible repository. It’s also important to follow up with team leaders to ensure team members at large are following established password protocols. Your sysadmin should also organize automated password expiration policies.

Dangers of Emailing Passwords

Sending passwords through email is a common practice in the workplace which is a bad habit.  If you are on the receiving end of a password transferred, be sure to change it immediately after logging into the desired system. There are many reasons the emailed passwords can be dangerous including:

  • email is sent in plain text
  • email often is stored on several systems along the way to your mailbox
  • email often is stored on your computer in plain text or other unencrypted formats
  • many copies may exist in many places, even after “deletion”
  • your account’s security may have been compromised even before you read your email (changing the password will not help in this case)

Whether you are sending or receiving a password, security best practices recommend that you avoid email entirely and use the phone or Encrypted Instant Messaging instead.

At Connectria we play it safe and use our secure customer portal which encrypts all communication between our engineers and customers.

Learn more on our Security & Compliance page.

Related Resources

Introducing Connectria’s IBM and AWS Hybrid Architecture
Today, most companies recognize the clear benefits of digital transformation, from improved IT agility and global scale to the cost-saving benefits of the transition from…
How HITRUST Transforms HIPAA/HITECH Requirements Into Actions
Compliance measures, responsibilities, and technologies are constantly evolving for healthcare IT. The primary concern for most healthcare organizations is focused on maintaining compliance with HIPAA/HITECH…