How can my clients easily send me passwords securely?

5

1

Possible Duplicate:
How can clients easily and securely send me passwords?

I often need to get passwords from clients for FTP, SSH, MySQL, Authorize.net, etc.

What's an easy way for them to send me passwords securely? Maybe even without them needing a login/password?

Ideal: An easy way for non-tech-savvy people to send encrypted email.

Good: A web-based secure message system (hopefully in PHP) that I could host and run over SSL. I haven't been able to find anything like this.

Maybe I'm asking the wrong thing or the wrong way. Any suggestions are appreciated!

Adam DiCarlo

Posted 2009-08-11T19:31:19.523

Reputation: 358

Question was closed 2009-08-11T22:59:28.253

I created an open source project that does just that. You should be able to set up your own install in minutes. It's freely available on GitHub under the MIT license. https://github.com/MichaelThessel/pwx

– Michael Thessel – 2015-09-27T03:58:08.187

2

Perhaps this would be better on superuser? (password @ http://blog.stackoverflow.com/2009/07/super-user-semi-private-beta-begins/)

– bdonlan – 2009-08-11T19:33:39.813

1No need to repost, the question can be moved automatically. If it does get moved, and there are duplicates, one or the other will get closed. – bdonlan – 2009-08-11T19:54:16.590

be sure to link your account on superuser though, either way... – bdonlan – 2009-08-11T19:55:05.840

Note - this question was reopened on SU as http://superuser.com/questions/21391/how-can-clients-easily-and-securely-send-me-passwords - it should be migrated and one or the other closed as a duplicate.

– bdonlan – 2009-08-11T19:59:32.820

How do I close my question here? And can SO and SU karma be linked? I've linked my profiles on Stackoverflow, Serverfault, and Superuser, but not sure I did it ... right. – Adam DiCarlo – 2009-08-11T20:03:22.483

1@Adam, karma is not shared between sites (however if you have >200 on one site, you can get a 100 bonus on the others by linking to that account). The question needs moderator intervention or two more user votes to migrate or be closed - I'd suggest going to meta.stackoverflow.com and requesting that it be closed in a support-tagged post since you can't flag or close-vote yet, and I've already flagged it for you... :/ – bdonlan – 2009-08-11T20:22:29.437

Actually at 31 karma you might be able to flag ... if you see a flag link on your question hit it, choose needs moderator attention, and explain the situation briefly. – bdonlan – 2009-08-11T20:23:08.640

@bdonlan, thanks for the responses and for being gentle to a noob! – Adam DiCarlo – 2009-08-12T02:46:26.313

Answers

3

The one that works best for me is the old fashioned verbal method over a telephone.

Another easy way, which shouldn't go wrong, is two email addresses on different providers ideally.
One for usernames, One for passwords, and you get match them up by the name of the sendee, and the date/time they were sent.

Bravax

Posted 2009-08-11T19:31:19.523

Reputation: 197

I was thinking of telephone... :) – None – 2009-08-11T19:42:52.743

then just hope that nobody has J&h7q/?9p as a password – Stefano Borini – 2009-08-11T20:24:10.057

2Stefano. What as a password? I see that as *********. – None – 2009-08-11T20:32:02.973

2@Bravax: He said securely. – arathorn – 2009-08-11T20:44:50.910

3

A common solution is to use PGP - there's a good guide here called eMail Encryption for the Lazy. Whether it is suitable for your needs you will need to determin, but it's worth a look.

Dan Diplo

Posted 2009-08-11T19:31:19.523

Reputation:

1

Use Passpack. Its a free online password manager that is very simple and very secure.

It fully supports sending encypted communications and has very strong support for sharing passwords.

They even provide a movie to help users understand how to share their data.

Michael La Voie

Posted 2009-08-11T19:31:19.523

Reputation: 131

0

You can try this function: mcrypt-cbc.

Leandro

Posted 2009-08-11T19:31:19.523

Reputation:

0

There isn't an easy response. This is a basic crypto problem.

IF you and your clients already share a commom password, or a public/private key pair, you can encrypt emails using that to send other passwords.

If that isn't the case you should look for a secure mean to exchange keys. A SSL connection almost does the trick except you can't authenticate the client (nor can the client authenticte you) without previously exchanging a public/private key pair. So you can ignore this little problem and setup a ssl-accessible webpage for example, or if good security is required then a personal or phone exchange is better.

Heck, even faxing the key split into several pages, one page at a time so an eavesdropper couldn't get the whole key, might be an acceptable way.

Kristoffon

Posted 2009-08-11T19:31:19.523

Reputation:

0

Just use Skype! :) Skype chat is encrypted.

Vitaly Kushner

Posted 2009-08-11T19:31:19.523

Reputation: 1 360

Asked: 2009-08-11T19:31:19.523

Viewed: 2 190 times

Active: 2009-08-11T22:32:57.183