As a digital agency we need passwords from clients. The question is always how to securely hand over passwords?
There are a couple of low tech solutions. In person or over the phone, these are low tech but high intensity, as users need to be together or available for a call.
In person is perfect, the client logs in but the username/password combination still needs to be remembered - see the related article “Password Management - The Modern Scourge”.
A phone call works too and is secure but reciting long complex passwords over the phone can take a couple of attempts. “Cap A, Lower c, is that a zero or an O?”
Sometimes this is the only way, especially with two factor authentication.
One tech solution is to communicate passwords through encrypted emails.
Gmail now has a feature for this, which is very helpful.
On your computer, go to Gmail.
In the bottom right of the window, click Turn on confidential mode . Tip: If you've already turned on confidential mode for an email, go to the bottom of the email, then click Edit.
Set an expiration date and passcode. ...
There are also Open Source encrypted email services.=
Another tech solution is to send passwords in a password vault file from a password manager. Most of these solutions are optimised for sharing passwords across companies and teams not with third parties. It’s pretty straight forward if all the users are sharing the same password manager but more complicated when clients need to be invited to a new application. Many companies do not allow staff to sign-up or install third-party applications.
And finally sending username/password combinations through separate mediums, username via email, password via text message or chat. This is the preferred method for banks and high security industries so seems like the best option for communicating sensitive information.
All in all, there’s no winning formula but a combination of all the above.