subscribe: Posts | Comments

Securely Share Passwords and Other Simple Information

0 comments
Securely Share Passwords and Other Simple Information

If you’re just sending a username, password, or other line of text (like a credit card number), protect your info with a few simple tricks:

Easy and Pretty Secure: Break the Message Up Into Chunks

Sometimes all it takes to increase your security is a little obscurity, and that’s what this method is all about. You send the sensitive data over separate channels so that only the recipient is likely to have context for what it all means. Let’s say you wanted to share a username and password with someone over the internet. Here’s the basic idea:

  • In an email, send the username with an accompanying message—something like “I’ve texted you the FTP password”.
  • Text the password separately, with no context.
  • The recipient receives the password, saves it elsewhere, and deletes the text message.
  • Even if your recipient doesn’t delete the message (which you can’t count on), a snoop would have no context for what it applies to. The basic idea could work in any direction, as long as you’re separating the context from the information. Is it 100% foolproof? Absolutely not. But it’s better than nothing, which is what many of us are doing now.

If you want to get even more creative, you could send someone the first half of the password via SMS, the second half via email, and let the recipient know over IM how it’s been broken up. That way, a thief would have to have access to both their email, IM account, and their phone. You get the idea.

Less Practical, But More Secure: Use LastPass

Password management service LastPass is still one of the most secure ways to create and store passwords, and if your recipient is also using it (or if you can convince them of how great it is and get them signed up), sharing passwords and other small notes securely is extremely easy. Just pop into your LastPass vault, click the “Share” link next to the password or secure note you want to share, type in your recipient’s email address, and LastPass will take care of the rest—securely. If you’re sharing login credentials, you can choose to share the actual password (so your recipient can learn what it is) or just share access to the credentials in question, so your friend or colleague can log without actually learning your password.

Securely Send Documents and Other Files

If you need to send full documents—like paperwork for your job or a saucy photo—you’ll need the help of an external service. Here are our favorite ways to securely send files.

Easy and Pretty Secure: Share it with Dropbox

Even if your recipient isn’t using the popular file-syncing service Dropbox, you can still use it to securely share files with them. Here’s how:

  • Drag the file into your Dropbox. Anywhere in your Dropbox is fine; it doesn’t need to go in your Public folder.
  • Once your file is synced (you’ll know it is once it’s got that green check mark next to it), right-click on it and choose Dropbox > Get Link. This will copy its shareable link to your clipboard.
  • Send that link over email or text message to your recipient, and they’ll be able to securely download your file.

Since Dropbox encrypts everything you upload and download over a secure HTTPS connection, your file transfer should be secure from start to finish. The one notable exception: Dropbox’s mobile app doesn’t use an encrypted connection, so be careful not to upload the file from your phone over an open Wi-Fi connection, and if your recipient does use Dropbox (and you want to share the file with them through Dropbox’s shared folders), make sure they don’t use the mobile app to download it.

If you want to add a little extra security to this method (since anyone with access to your recipient’s email could click the link and get the full file), you could use also employ the “half and half” method from section one: Send half the link to your recipient over email, and the other half over text message. They’ll have to type it in manually instead of just clicking on it, but as long as their phone and email are secured with passcodes, this creates another level of security a thief would have to go through to get at your file.

Less Practical, But More Secure: Send It In an Encrypted ZIP File

The most secure way to send a file, though, is to encrypt it with a password. There are a lot of ways to do this, but we like to use our favorite archive utility, 7-Zip. Here’s how to do it:

  • Select the file or files you want to send, then right-click on them and go to 7-Zip > Add to Archive.
  • In the window that pops up, stick with the default values. Under “Encryption”, enter a password and choose AES-256 as the encryption method. Then click OK to create the archive.
  • Email the resulting ZIP file to your recipient, and send them the password over text message or some other medium (don’t put it in the same email as the file!) so they know how to open the archive.

This method is very secure, but it has one downside: this method requires that your recipient have a program that can open encrypted archives. Windows’ native ZIP handling does not, so they’ll need to download something like 7-Zip, PeaZip, or another good archive utility to open it up. And, if one of you is on a Mac, there are some other good compression apps that will let you password-protect your files, though most cost a bit of money.

Leave a Reply