Your business uses passwords for countless applications, devices, and online activities. But passwords are often forgotten, expire, or become compromised. That means you need to send and reset passwords for employees again and again.
So what’s the best way to securely send passwords to employees? Let’s find out.
Passwords need to be strong. That means ensuring they adhere to password best practices for length, complexity, and many other factors. But it doesn’t matter how strong a password is if it doesn't stay secret.
This might seem obvious, but you have to be careful. Employees can be careless with security practices and help desk admins are vulnerable to social engineering schemes. Systems can be compromised, and data breaches may expose credentials.
According to GetApp research, 44% of consumers depend on their memory to keep up with passwords. That means a lot of employees are going to forget their passwords and need a new one. More alarming, 53% of people use the same password for multiple accounts, and a full third (34%) admit to writing passwords down on paper (you can find our methodology at the bottom of this page). Clearly, your business is already fighting an uphill battle when it comes to securing passwords.
Let’s go ahead and rule out a few options. You want to avoid any transmission that could be intercepted, which means emails and text messages are out.
Emails often consist of plain text (i.e., not encrypted) and are commonly relayed from server to server across multiple networks before arriving in your inbox. Even after they’ve been deleted, email files may continue to live on in various servers across multiple providers.
Email servers and accounts can also be hacked. Consider the 2013 Yahoo breach, which impacted more than 3 billion accounts and still stands as the largest data breach in history. Moreover, emails can be intercepted between sending and receiving. And even if your email provider says it encrypts messages on their servers, the email might not remain encrypted during transit or on the servers of the recipient’s email provider.
Text messaging technology, also known as short message service (SMS), has been around since the mid-80s and is generally insecure. When you type a message into your mobile device and press send, it bounces across cellular towers and may be stored on multiple providers’ networks.
Much like email, a text message might be encrypted during some of its journey, but probably not all of it. For these reasons, text messages are also a poor choice for sending two-factor authentication (2FA) passcodes.
This is not to say that there aren’t secure messaging platforms or privacy-minded secure email services that offer end-to-end encryption. There are. But ultimately, you need a scalable solution that is purpose-built for the task of sending passwords securely.
It’s never been more crucial to have a secure way to organize, maintain, and distribute passwords, particularly with the recent rise of remote work and the need to remember even more usernames and passwords for newly adopted software. That’s where password manager apps shine.
Password managers are specifically designed to store usernames and passwords for all of the websites and applications your employees use every day to help protect sensitive data and secure confidential information. In most cases, a user only needs to log in to the password manager account to gain access to a secure vault containing all of their credentials and access to business applications and websites.
Password managers also improve your organization’s security hygiene. If an employee is opening a new account or simply needs a password reset, a random and highly secure password can be generated automatically. You can also set rules to ensure security policies are followed (e.g., prevent employees from using the same password for multiple accounts) and implement enhanced security measures such as 2FA or biometric authentication.
Password manager apps make sure employee credentials are protected with strong encryption and stored safely in the cloud—rather than on a note attached to their monitor. In the end, the best way to send passwords securely is to use a password manager so you don’t have to send them at all.
GetApp conducted this survey in January 2020 among 487 respondents to learn more about consumer password behaviors.