Why can’t I send the password through email? It’s super easy and convenient! No, unfortunately, the statement above is false…and dangerous. The potential for accidental disclosure of private information is high. Employees may not understand the consequences of such disclosure or may not be aware of the confidentiality of certain types of data.
Dangers of Emailing Passwords
Sending passwords through email is a common workplace practice, and it is a bad habit. If you receive a password by email, be sure to change it immediately after logging into the desired system. Emailed passwords can be dangerous for many reasons, including:
- email is sent in plain text
- email often is stored on several systems along the way to your mailbox
- email often is stored on your computer in plain text or other unencrypted formats
- many copies may exist in many places, even after “deletion”
- your account’s security may have been compromised even before you read your email (changing the password will not help in this case)
Whether you are sending or receiving a password, security best practices recommend that you avoid email entirely and use the phone or encrypted instant messaging instead.
How to Keep and Share Passwords Securely
Below are a few options for sending passwords safely:
- Share a password verbally, either over the phone or in-person
- Send a password through an encrypted email source
- Use a password vault to store and share usernames and passwords
Headlines sharing bad news of poor password policies, or lack of enforcement for good policies, are not few and far between. While passwords are essential in protecting your company and other proprietary information, there is a right and wrong way to go about it. Long story short, it’s not your password, it’s the user. The world would be much easier if bad guys didn’t try so hard, so users didn’t need to have strong, and therefore complicated, passwords. To make this easy for you and your team, you should create a password protocol that favors longer and stronger passwords that are also updated more frequently.
Common-Sense Password Security Measures
To help your team conduct themselves appropriately in regard to maintaining password security, establishing company policies can help maintain consistency. At the very least, put measures in place to force all users to update default passwords. Additionally, implementing automatic password expiration periods every 60-90 days can also help ensure that any users leaving your organization, such as contractors or temporary staff, don’t maintain unlimited access after they stop working for you.
Another password best practice is to encourage a minimum of eight characters and a mix of uppercase letters, lowercase letters, numbers, and special characters. Managers should designate password policy settings in a single accessible repository. It’s also important to follow up with team leaders to ensure team members at large are following established password protocols. Your sysadmin should also organize automated password expiration policies.
At Connectria, we play it safe and use our secure customer portal, which encrypts all communication between our engineers and customers.