We’ve all shared a password on a post, or in a text chain, but that can seriously compromise your security. Here’s a safer way to do it.
You Might Be Leaving a Trail Without Noticing
Messages and emails are the worst offenders. Passwords sent through them stay in plain view, on your phone and theirs, until someone actively deletes them. Scroll far enough in your chat history, and you’ll find credentials you’d forgotten you’d sent. Screenshots push that risk further. They almost always end up in a cloud backup, whether that’s iCloud or Google Photos. That means the password is now sitting in a searchable archive, stored in multiple locations, connected to accounts you might not even remember setting up. If you absolutely have to, break the login up. Put the username in a message and give the password on a phone call.
Burner Links For Temporary Access
For sharing credentials temporarily, burner links are the safest option. Bitwarden Send lets you write a password into an encrypted note and send a link that destroys itself. You can decide how many times it can be opened, and when it will be deleted. The person on the other end doesn’t need Bitwarden to read it.
Creating one takes about as long as sending a text. Open Bitwarden, go to the Send tab, choose text, paste the login details, set the expiration time, how many times the link can be viewed, or lock it down with an optional password. Then click the three, dots next to the Send item and copy the link. Send the link instead of your text. Your friend can click it, see the password, use it, and the link auto expires. There are a bunch of other services like this that don’t ask you to sign up or log in.
Sharing With Your Teammates Or Family
If you don’t want to reveal your password at all, you can use the “password vault” in your password manager. Bitwarden has one, so do 1Password, LastPass, and Proton Pass. The person you’re sending the login to will need to install the password manager and sign up.
Most password managers have vaults or collections where you can place login details and share the entire collections or vaults with people via email. Bitwarden calls them “Organizations,” but organizations are a paid feature. If you want to create and share vaults for free, try Proton Pass. Start by logging into Proton Pass in your browser or the app. Create a new vault and give it a name. Next to the newly created vault, you’ll find a share button. Here, enter the email address your teammate or family member used to sign up for their Proton account. Then, set their level of access: admins can control vaults, editors can manage logins, viewers can only view the shared info.
Your friend will receive an invitation in their inbox. It’s just a notification though. To actually join the shared vault, the other person has to install the Proton Pass extension or install the app, and then access the prompt for joining the new vault. With that, they’ll be able to view the logins, secure notes, or other stuff you’ve placed in the shared vault.
If they’re already using Proton Pass, the shared passwords will show up in their autofill menus, which makes shared vaults pretty convenient.
Cut Access Right Way
If you’ve sent passwords or sensitive info in a message or a screenshot, that old version can still live in their backups, browser saves, or chat history, so it’s a good idea to change those passwords right away. And if you can, wipe the logs or chat histories. For a one-time share, remember to change the password once after they’ve used it. Rotating passwords in general is a good idea as long as you’re using a password manager to keep track and auto, fill logins.
For a shared vault, it’s easier to revoke access. You can either remove that member from your vault, or remove the login item from the vault. Open the shared vault, click the Share button, then Manage Access. Find their email address in the members list, click the three-dot menu, and choose Remove Access.
You never need to share sensitive login info in plain text. It’s much safer to share an encrypted link or a vault, and it’s even better to share a magic link that doesn’t even reveal the raw passwords.
For more information on solutions for running your businesses’ technology more efficiently, visit our website or contact Megan Meisner at mmeisner@launchpadonline.com or 813 448-7100 x210.
This was originally posted by HowtoGeek.