Do you know the best way to share a password externally?

Last updated by Tiago Araújo [SSW] 11 months ago.See history

Often an organization needs to share a password to a 3rd party. Perhaps a client or a vendor require a password. There are a few ways that this could be achieved but some are less secure than others.

  • Email - sending an email containing the username and password for anything is the worst thing you can do. If that email falls into the wrong hands it is immediately compromised.

    passwordsharing1
    Figure:Bad example - Never share secrets using email

  • Email + SMS - Sending a username via email and the password in SMS is slightly better but is still a little bit risky as both services could be compromised and often people sync their messages to their PC, so this is still too risky.

    passwordsharing2
    Figure: Bad example - Email + SMS is better but still insecure

  • OneTime Sharing via a 3rd party - You could use a service such as OneTimeSecret to share the secret details. This is better but there is still a small risk that the 3rd party website could be compromised and your details are still leaked.

    passwordsharing3
    Figure: Bad example - One Time Secret sharing via a 3rd party is better

  • Share via your Enterprise Password Manager - This is the most secure way to share a secret with an external 3rd party. With products such as Keeper Enterprise all of your passwords remain safe inside your own vault and can generate a link or a QR code to send to your client.

    passwordsharing4
    Figure: Good example - Create a One Time Secret using Keeper Enterprise

    passwordsharing5
    Figure: Good example - Generate an email, link or QR Code directly from Keeper Enterprise

We open source. Powered by GitHub