How To Send Passwords Securely

Jun 21, 2022

Find out why the safest way to send passwords to your staff might be not sending them at all.

Shradha GoyalTeam Lead
How To Send Passwords Securely

Your business uses passwords for countless applications, devices, and online activities. However, passwords are known to be a major source of data breach in companies. They are often forgotten and expire, and become compromised in the process of resharing.

IT or security managers, who are responsible for managing, recreating and sharing passwords, must know safe ways to send passwords to employees. Here are some best practices to follow to ensure your company data remains secure while you communicate passwords when required.

Password security tip for small businesses: Keep it secret

Passwords need to be strong. That means ensuring they adhere to password best practices for length, complexity, and many other factors. But it doesn’t matter how strong a password is if it doesn't stay secret.

This might seem obvious, but you have to be careful. Employees can be careless with security practices and help desk admins are vulnerable to social engineering schemes. Systems can be compromised, and data breaches may expose credentials.

According to GetApp research, a lot of employees tend to forget their passwords and resort to questionable ways to remember one. A huge 60% of people use the same password for multiple accounts, without realizing that reused passwords are the most vulnerable to cybersecurity risks.

Moreover, about 22% employees admit to writing passwords down on paper, 19% say they use an online version of Microsoft Word or Google Docs to save passwords, and about 41% say they use personal information, such as date of birth, to create memorable passwords (you can find our methodology at the bottom of this page).

With employees indulging in unsafe password management practices, clearly, your business is already fighting an uphill battle when it comes to securing passwords. However, knowing your ‘not to dos’ and equipping employees with password management tools can help reduce security risks.

Password Management practices

Want to send passwords safely? Here’s what NOT to do

Let’s go ahead and rule out a few options. You want to avoid any transmission that could be intercepted, which means emails and text messages are no longer viable choices.

1. Never email passwords

Emails often consist of plain text (i.e., not encrypted) and are commonly relayed from server to server across multiple networks before arriving in your inbox. Even after they’ve been deleted, email files may continue to live on in various servers across multiple providers.

Email servers and accounts can also be hacked. Consider the 2013 Yahoo breach, which impacted more than 3 billion accounts and still stands as the largest data breach in history. Moreover, emails can be intercepted between sending and receiving. And even if your email provider says it encrypts messages on their servers, the email might not remain encrypted during transit or on the servers of the recipient’s email provider. Therefore, emailing is one of the most unsecure ways to send passwords, and must be avoided in all circumstances.

2. Never send passwords via text messages

Text messaging technology, also known as short message service (SMS), has been around since the mid-80s and is generally not secure. When you type a message into your mobile device and press send, it bounces across cellular towers and may be stored on multiple providers’ networks.

Much like email, a text message might be encrypted during some of its journey, but probably not all of it. For these reasons, text messages are also a poor choice for sending two-factor authentication (2FA) passcodes.

Pro tip:

This is not to say that there aren’t secure messaging platforms or privacy-minded secure email services that offer end-to-end encryption. There are. But, ultimately, you need a scalable solution that is purpose-built for the task of securely communicating a password.

What is a safe way to send passwords? Use password managers

It’s never been more crucial to have a secure way to organize, maintain, and distribute passwords, particularly with the rise of remote work and the need to remember even more usernames and passwords for newly adopted software. That’s where password manager apps shine.

Password managers are specifically designed to store usernames and passwords for all of the websites and applications your employees use every day to help protect sensitive data and secure confidential information. In most cases, a user only needs to log in to the password manager account to gain access to a secure vault containing all of their credentials and access to business applications and websites.

Password managers also improve your organization’s security hygiene. If an employee is opening a new account or simply needs a password reset, a random and highly secure password can be generated automatically. You can also set rules to ensure security policies are followed (e.g., prevent employees from using the same password for multiple accounts) and implement enhanced security measures such as 2FA or biometric authentication. You can also set an explicit and detailed password policy to ensure that every employee uses strong passwords and follows security regulations (full report available for Gartner clients).

Also read: Password policy best practices you should be following

Password manager apps make sure employee credentials are protected with strong encryption and stored safely in the cloud—rather than on a note attached to their monitor. In the end, the best way to send passwords securely is to use a password manager so you don’t have to send them at all.

Ready to find the best password manager app for your business?

GetApp Data Security Survey Methodology

GetApp’s 2021 Data Security Survey was conducted from August 20 to August 24 among 973 respondents to learn more about data security at U.S. businesses. Respondents were screened for full-time employment and 90 identified as their organization’s IT security manager.

About the author

Shradha Goyal

Team Lead
Shradha Goyal is team lead—content at GetApp, covering industry specific trends for small businesses. In her 10-years+ writing career, she has written extensively on real estate in The Times of India, Economic Times, and 99acres. She is an MBA graduate from the Indian Institute of Management, Kozhikode, and holds a keen interest in marketing. Besides work, she loves traveling and cuddling with her Lhasa Apso.
Visit author's page