Why Avoid Sending Passwords Over Email?

“Why can’t I send the password through email? It’s so convenient!”

If you’ve heard or thought about this question before, you’re right – it is convenient! But is it safe? Not so much.

Sending passwords through email is a common practice, but the potential for unintentional disclosure of private and personal information is sky-high. This tends to happen frequently in the workplace, as employees may not understand the ramifications of such disclosure or may not be cognizant of the confidentiality of certain data.        

If you find yourself on the receiving end of an email that contains a password, be sure to change it right away following the login process. If you want to be even safer, contact the sender and ask them to reset the password and tell you the new password over the phone.

Be vigilant about trusting other types of sensitive information with any system administrator who sends passwords over email and insists that it is secure. If they are practicing this method that puts your online security in jeopardy, it wouldn’t make sense to trust them with your credit card information, for example.

The reasons why emailing passwords is not secure

  • Emails are often sent in “clear” or “plain” text. That means the content of the email is unencrypted. If the email is intercepted, it’s trivial to extract your password from it.
  • Your email is often stored in several systems or servers on its way to you. It will be saved in the sent email of the account it comes from, your own email server, and possibly any other systems or servers it passes through.
  • If any one of those systems is compromised, it can reveal your password to hackers.
  • Your email is also often stored locally on your laptop or workstation in plain text. If that were to get into the wrong hands, hackers would have access to your passwords.
  • Even deleting emails doesn’t necessarily mean they are gone forever – they can hang around in trash folders or elsewhere.
  • If the password for your email account is hacked, criminals can get access to all the passwords that are emailed to you, simply by requesting password resets.
  • Sending passwords over Slack or other chat applications is not secure either – apps with varying levels of encryption may retain messages on their servers for a time period, which could lead to exposed message data to sanctioned monitoring or snooping.

Security best practices recommend that you always avoid emailing passwords at all costs. Be safe, not sorry!

How to send passwords safely

While these options aren’t quite as convenient as simply emailing a password, you will save yourself the stress of dealing with a security incident in the long run. Relay them to your team at work so everyone is practicing secure email habits. Here are a few ways to send passwords safely:

  • Communicate passwords verbally, either in person or over the phone.
  • Send passwords through SMS or text message.
  • Use a “one-time password” — this type of password simply allows a user to log into your system where they are then asked to choose a new, secure password.
  • Use encryption to add a cipher to emails — try services like Pretty Good Privacy and Safe Gmail.
  • Use a password manager to securely share passwords with others, such 1Password.

Ready, Set, Secure

Practicing secure habits takes some advance planning, but it’s worth it when you’re protecting your vulnerable private information, as well as your company’s confidential data. Create strong passwords from the very beginning – the 16-character combination of lower and upper case letters, symbols, and numbers is proven to be the most secure. Once you have created a password, enable two-factor or multifactor authentication, which are technologies that give you an additional layer of security. For example, you might get a text message on your phone when you try to log in or you could have a security token or smartphone app. Without access to that information, hackers can’t compromise your information and logins.

Just a few simple precautions and steps can protect your privacy, identity, and personal information from hackers and other unseemly characters. Communicating password-sharing policies to your team will set the standard and prevent security incidents from arising. There’s no excuse for ever sharing a password in an email again – your security will thank you for it!