Password Security 101
Passwords in Email
Sending Passwords in Email
Sending passwords through email is a common practice. It is also a very bad practice. If you are on the receiving end of a password transferred this way, be sure to change it immediately after logging in. If you remain uncomfortable, ask the sender to reset the password and use the telephone to acquire the new password.
Be very wary about trusting sensitive information with any system administrator who insists that passwords via email are safe. What other practices are considered safe at this site? Would you trust this person to protect your credit card number, for example?
Emailed passwords are dangerous for all of the following reasons:
- email is sent in plain text
- email often is stored on several systems along the way to your mailbox
- email often is stored on your computer in plain text or other unencrypted format
- many copies may exist in many places, even after "deletion"
- even encrypted email can be broken in to, given enough computing time
- your account's security may have been compromised even before you read your email (changing the password will not help in this case)
Whether you are sending or receiving a password, security best practices recommend that you avoid email entirely. Play it safe. It's always the best policy.
Link To This Page
Knowledge is power. The Bitmill Inc. encourages links to our site. To link to this page, please cut and paste the following HTML code into your web page source file.
<a href="http://www.thebitmill.com/articles/password_email.html">Passwords in Email</a>
Your link will look like this:
Passwords in Email
Thank you for your interest and support.
