We’ve all been there – you need to share your login details with someone and you’re writing them an email – but you stop – is this safe?
No, it is not – email is fundamentally insecure. It is not a secure way to send sensitive information.
Why is email fundamentally insecure?
Email messages are often sent over unencrypted connections
When you email a password, it is sent as plain text, which means that it can be easily intercepted by anyone who has access to the networks that the email is being sent over.
This means that an attacker can intercept the email and get the password and use it to access the associated account.
Email servers are often targets for hacker
Even if the email is transmitted over an encrypted connection – email servers can be hacked, and email accounts can be compromised
So you can’t guarantee it will always be secure.
Email messages can be spoofed
Someone can send an email that appears to be from you but is actually from a different sender.
Email accounts can be hacked
This often happens through social engineering techniques (such as phishing scams), but can also happen by guessing or cracking the password to the email account.
Emails can be accidentally sent to the wrong person
We’ve all accidentally sent an email to the wrong person – now imagine if the email had sensitive information like a password!
And even if it did, it’s very easy for the email to be forwarded to others without your knowledge or permission.
Privacy
Many email providers scan email messages for keywords and use this information for targeted advertising or other purposes.
What are 5 alternatives to emailing passwords?
- Use a password manager
- Send the password over a secure messaging app
- Use two-factor authentication (2FA)
- Share the password in person, using a secure method such as a password sheet or password card
- Use a single-use password or temporary password that can be sent to the recipient and expires after use or time