6
1
When I work with some bigger clients that have large IT departments, they always send me my login details via email. If my email was being watched by a nefarious type, they could easily gain access to sensitive data.
What would be a better way to share this kind of data with someone?
dallen
Posted 2011-10-25T03:53:27.017
Reputation: 163
8
You could request that emails are PGP encrypted, requiring you to decrypt the email on your end.
The could create a password-protected Word or PDF file and email that to you as an attachment with a predetermined password that you discussed on the phone.
They could call you on the phone and you could write down the credentials in a secure password keeper like 1Password.
Another option may be to setup provide the person with an application that connects securely to a web service and uploads the data over an SSL connection.
Chris Thompson
Posted 2011-10-25T03:53:27.017
Reputation: 4 765
6
For SFTP logins, you could send them your public SSH key so that they enable it, and you use no password at all, but only a passphrase which unlocks your key.
glglgl
Posted 2011-10-25T03:53:27.017
Reputation: 1 327
Remember that password protected word files do not protect against a brute force attack – Matt Wilko – 2011-10-25T13:57:44.257