Web Design & Development

How to Share a Password Securely

In this article, learn how to share a password securely. Your web developer will need access to your web hosting account and FTP to create your website. You may need to create and send out  passwords for other users in your organization. How can you create good passwords and share them securely?

Is it secure to send passwords over email?

No. Email is not a secure way to share passwords. This article from Defending Digital explains more in depth why email and text messaging are not secure systems.

Vector carrier pigeon drawing holding envelope

When you send a password in readable text over email, it is stored on your email server. Even if you delete the email, it may go to the trash and not be deleted for some time. If someone hacks into your email, they could find a treasure trove of passwords right in your account. Beyond that, it may be stored on various servers on its way to you, and it may be intercepted on its way to you. If you receive a password by email, particularly if the username and/or the link to the service is included, log in to the service, and change your password immediately.

How can I share a password securely?

There are various services you can use to send a message that will self-destruct after the message viewed, or after a certain amount of time. To ensure you are using this type of method in a secure fashion, be sure to send the password alone, without accompanying information about what the password is for. You can email your developer to let them know you’re going to send them the username and password for a specific service, and then send the information through one of the services listed below.

  • 1TY.ME

    1ty.me doesn’t require an account. Simply enter the information in the textbox, and click on Generate Link.

    Use 1ty.me to send your passwords securely

    Copy the link and email it to your correspondent. Once the link is visited, it is destroyed in the 1ty.me system and cannot be revisited.

    send your passwords securely with 1ty.me
  • NoteShred

    Noteshred requires you to sign up for an account, but the service is free. Once you create an account, you can send a note directly from the interface.

    Share a password securely with Noteshred

    Noteshred also shows you your activity – you can see whether a note has been received and read, or shredded.

    See whether your recipient has viewed your note

    If someone does find the link to your note hanging out on a server somewhere, by the time they view it, it will look like this:

    Notes that have been viewed or expired are shredded.
  • One Time Secret

    One Time Secret works in a similar fashion. You enter your secret information, and you set the amount of time the link should be active. Once your recipient views the link, it will no longer be active or viewable by anyone ever again. If you create an account, you can further secure your message with a passphrase. If you’re not comfortable signing up for an account with your real email address, you can even sign up with a temporary one.

    Send passwords securely with onetimesecret.com

    Once the secret has been viewed, if anyone else tries to see it, they will not be able to:

    Your one time secret is no longer accessible once it has been viewed.
  • Quick Forget

    Quick Forget allows you set the secret to be viewed a specific number of times, and to be forgotten after the number of hours you determine.

    QuickForget.com lets you send passwords securely

    As with the other services, you’ll have a link to send to your recipient:

    share passwords securely with QuickForget.com

    If the secret has been viewed the allotted number of times, or the time has expired, the secret is gone:

    Your secret is forgotten forever
  • NoteRip.com

    NoteRip allows you to send “self-destructing” notes – private notes which will be destroyed after it is read, or at the latest on the expiration date, 7 days after its creation. If you create an account on the site, you’ll be able to track who has read your note and when, but an account is not required to use the site. With advanced options, you can set the expiration date to the length you prefer, between one and ninety days.
  • Another option is to store your passwords in a good password manager, and give your web developer technical access to a folder containing only the sites he may need to access. To send the password manager password, use one of the methods above.

Using any of these methods to share a password securely will help protect your accounts.

Other best practices for password and access security

  • When possible, add your developer as a technical contact.
    This way, your developer can access the services required, but doesn’t have access to your billing area or other sensitive information.
  • Use secure passwords.
    How-To Geek gives some good password creation tips here. You can also use a password generator, like Password Generator or Secure Password Generator.
  • Don’t save your passwords in your browser.
    Instead, use a password manager.
  • Create a new username and password for each person on your team who requires access to the services.
    When a user moves on, you can simply remove his access rather than trying to remember all the passwords he has access to and changing them all.
  • Split up the information.
    Use one type of communication (phone, text message) to inform your contact that you’ll be sending a password to a specific service. Then use a different channel, like email, to send the link generated by one of the services above.
  • Perform periodic access audits.
    Remove any users who are no longer with your organization.

Making security a priority is the best thing you can do to keep your website, your personal information, and your visitors’ information safe.

See our featured website design work

Check out some of the beautiful websites we’ve built for over 2,000 clients.

We offer WordPress support & maintenance

Shake the stress of ongoing maintenance with plans supported by our team of WordPress experts.

Related articles