By Talos Team September 14, 2022
Key Principles
A key principle of password security is to keep your passwords to yourself; however, sometimes sharing them is unavoidable. Regardless of how you are using your account (corporate or otherwise), it is essential that you take the appropriate steps to share your passwords securely.
The Don’ts
- Send passwords by text message or email. Text messages can be easily intercepted, searched and found inside a smartphone.
- Write passwords on a piece of paper (and go live on TV). They are not only easy to lose or misplace, but they are also easy to find for any malicious user.
- Share them over social media or messaging apps. Similar to SMS and email, any messaging or social media platform with private messaging poses a security threat. These messages are not protected and leaving your accounts connected on multiple devices or multiple browsers leaves the doors open for malicious users.
- Store passwords in digital notes apps. Writing a password inside a digital notes app does not improve the situation compared to writing it on a post-it. Even those apps aren’t secure, especially since they weren’t designed to store passwords or sensitive information.
The Do’s
- Use end-to-end encryption. The ideal way to securely share a password is to use a self-encrypted end-to-end solution. As you send your password securely, it stays encrypted all the time, not allowing anyone to see it. If it is not possible to use an automatic end-to-end solution, tools such as GPG can be used.
- Consider using a password manager. Password managers make our life easier. Note: Pick one that doesn’t get hacked every year, did anyone say LastPass?
- Track your sharing history. Another useful strategy is to keep track of the sharing history. Many password managers allow this by storing information about each password you have shared: changes, shares, modification dates, and version histories.
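One way to do the GPG fallback mentioned above, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later; the recipient name, address and password are constructed, and a throwaway keyring stands in for the recipient's real public key.

```shell
#!/bin/sh
# Added example: share a secret with GPG public-key encryption.
# The user ID and the password below are constructed for the demo.

# Encrypt stdin to the recipient's key (identify it by full fingerprint).
# The secret is read from stdin so it never appears in argv or shell history.
encrypt_for() {
    gpg --batch --yes --armor --encrypt --recipient "$1"
}

# Recipient side: decrypt stdin with their private key.
decrypt_secret() {
    gpg --batch --quiet --decrypt 2>/dev/null
}

# Print the fingerprint of a key in the keyring. In real use, compare it with
# the recipient over a separate channel (call, in person) before encrypting.
fingerprint_of() {
    gpg --batch --with-colons --list-keys "$1" | awk -F: '/^fpr:/ {print $10; exit}'
}

# Round trip in a throwaway keyring: prints the armor header, then the plaintext.
demo_roundtrip() (
    GNUPGHOME=$(mktemp -d) && export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    chmod 700 "$GNUPGHOME"
    uid='Demo Recipient <recipient@example.invalid>'
    # Unprotected demo key; a real recipient key would carry a passphrase.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" default default never 2>/dev/null
    fpr=$(fingerprint_of "$uid")
    msg=$(printf '%s' 'constructed-demo-password' | encrypt_for "$fpr")
    printf '%s\n' "$msg" | head -n 1   # only ciphertext would travel by email or chat
    printf '%s\n' "$msg" | decrypt_secret
)
```

Calling `demo_roundtrip` prints the `-----BEGIN PGP MESSAGE-----` header followed by the recovered password; with a real recipient, only `encrypt_for` runs on the sender's machine and `decrypt_secret` on the recipient's.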
Bonus Tips
- Do not use the same password for all services. One of the most common mistakes is always using the same password. It is one of the worst practices because it allows a malicious user who obtains that single password to gain access to all the services to which we are registered.
- Enable two-factor authentication where available. Where available, always enable two-factor authentication. If a password is compromised, it will be much more complicated for an attacker to access the service.