It’s super easy and convenient! No, unfortunately, the statement above is false…and dangerous. The potential for accidental disclosure of private information is very high. Employees may not understand the consequences of such disclosure or may not be aware of the confidentiality of certain types of data. Passwords sent from employee e-mail accounts are exactly what cyber criminals look for. They will dig through all your emails, in your inbox, sent and deleted folders, just to find that one password which will allow them to gain access to other accounts.
Dangers of Emailing Passwords
Sending passwords through email is a common practice in the workplace, and it is a bad habit. If you are on the receiving end of an emailed password, be sure to change it immediately after logging into the desired system.
There are many reasons emailed passwords can be dangerous, including:
Email is sent in plain text
Email often is stored on several systems along the way to your mailbox
Email often is stored on your computer in plain text or other unencrypted formats
Many copies may exist in many places, even after “deletion”
Your account’s security may have been compromised even before you read your email (changing the password will not help in this case)
Whether you are sending or receiving a password, security best practices recommend that you avoid email entirely and instead share it verbally over the phone or use encrypted instant messaging.
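To make the point about lingering copies concrete, here is an added example (not part of the original article): a defender-side Python audit that scans an exported mailbox for emailed passwords so that each one can be changed. The folder names, sample messages and keyword pattern are constructed assumptions.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Assumed keyword pattern: "password: x", "pwd is x", "passphrase = x", ...
PASSWORD_RE = re.compile(
    r"\b(pass(?:word|code|phrase)|pwd)\b\s*(?:is|:|=)\s*(\S+)", re.IGNORECASE)

def make_message(subject, body, cte=None):
    """Build a raw message (bytes) the way an exported mailbox would hold it."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content(body, cte=cte)
    return msg.as_bytes()

# Constructed sample data: one message per folder of a hypothetical export.
SAMPLE_MAILBOX = {
    "Inbox": [make_message("VPN access", "Hi Sam,\nusername: sam\nPassword: Tr0ub4dor&3\n")],
    # base64 transfer encoding hides the text from a naive grep of the raw file
    "Sent": [make_message("shared drive", "the pwd is hunter2-Backup!\n", cte="base64")],
    "Deleted": [make_message("Lunch", "Pizza on Friday.\n")],
}

def redact(secret):
    """Keep only the first character and the length, never the cleartext."""
    return secret[0] + "*" * (len(secret) - 1)

def audit_mailbox(folders):
    """Return (folder, subject, redacted_secret) for every emailed password found."""
    findings = []
    for folder, raw_messages in folders.items():
        for raw in raw_messages:
            msg = email.message_from_bytes(raw, policy=policy.default)
            for part in msg.walk():
                if part.get_content_maintype() != "text":
                    continue  # skip multipart containers and attachments
                text = part.get_content()  # decodes base64 / quoted-printable
                for match in PASSWORD_RE.finditer(text):
                    findings.append((folder, str(msg["Subject"]), redact(match.group(2))))
    return findings

if __name__ == "__main__":
    for folder, subject, hint in audit_mailbox(SAMPLE_MAILBOX):
        print(f"[{folder}] '{subject}' contains a password ({hint}): change it")
```

Every finding is a credential to change, whichever folder it was found in.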
How to Keep and Share Passwords Securely
Below are a few options when it comes to safely sending passwords:
Share a password verbally, either over the phone or in-person
Send a password through an encrypted email source
Use a password vault to store and share usernames and passwords
Headlines sharing bad news of poor password policies, or of a lack of enforcement of good policies, are not few and far between. While passwords are essential in protecting your company and other proprietary information, there is a right and a wrong way to go about it. Long story short, it’s not your password, it’s the user. The world would be much easier if bad guys didn’t try so hard, so users didn’t need to have strong, and therefore complicated, passwords. To make this easy for you and your team, you should create a password protocol that favors longer and stronger passwords that are also updated more frequently.