You’ve probably heard that you should never share passwords. And as a general rule, that’s good advice to follow. Passwords are the keys that unlock access to everything we do online, so you want to be smart about keeping them safe and private.
But the reality is that we often need to share passwords with spouses, family, friends, coworkers, business partners, caretakers, and others.
So when faced with the need to share passwords or other sensitive information, what’s the best way to do it? Here’s some tips on how to do password sharing securely (and quickly).
QuickForget sends secret, self-destructing messages over email
QuickForget.com is a simple website that lets you to store a “secret” – basically any text information – set an expiration date for the secret, and then get a URL so you can share the secret link with another person via chat or email in a fairly secure manner.
It’s easy to use, fast, and FREE. You can try it be going to the website (https://quickforget.com) and typing in or copying/pasting the secret that you want to share – such as a password or some other sensitive information like a credit card number.
Below is a step-by-step guide (with screenshots):
Next, you can add up to 3 attachment files (optional). The default expiration settings will make the secret expire after 2 views or after 72 hours, but you can change them if desired.
Once you’re ready to share, click “Save my secret”:
QuickForget will then work it’s magic and create a unique URL link, which you should copy to your clipboard (select the entire URL, right-click, then select “Copy”):
Finally, paste the copied URL into an email (or chat conversation), along with any other relevant information required, and share the secret:
In the above example, when John receives your email and clicks on the special URL you created, he’ll be able see the secret you shared with him:
However, If the URL has expired, either because it’s been viewed too many times or because the expiration time has passed, the secret will have been “forgotten” and the URL will no longer reveal the secret.
Pretty nifty, right?
Example use cases
The two great features of QuickForget are: 1) it generates unique, encrypted links that you can quickly share via chat or email, and 2) it permanently deletes the links automatically, protecting the secret that was contained in the link.
This can be especially useful when sharing information with third-party vendors, i.e. people who work outside of your organization.
For example: suppose you hired a web design agency to spruce-up your company’s e-commerce platform. The web agency will likely request administrative access to your web hosting services to be able to perform their normal job functions – in other words, they’re going to ask for your passwords.
Similarly, in the managed IT services industry, we ask for new client’s admin passwords during our initial on-boarding process, and maintain a secure password vault as part of ongoing duties as our client’s outsourced IT department.
Don’t share passwords in plain-text!
QuickForget is an easy way to provide outside vendors the information they need, while at the same time protecting your information by deleting it when it’s no longer needed.
But why go through the trouble? Why bother creating fancy custom URLs, when you could simply share a password by emailing it to someone?
Writing down a password is never a great idea – and it’s an especially bad idea to write a password in “plain-text” and send it to somebody in an easily-read email message.
Why? The reason is because if a hacker manages to gain full access to your email account (or to the account of your recipient), they will be able to read every single received/sent message in those email accounts – including the messages containing plain-text passwords.
Once an email account is taken over, the hackers can easily harvest those plain-text passwords automatically, and then break into the accounts which used those plain-text passwords.
This is an increasingly common scenario, especially given the prevalence of credential attacks targeting individuals and small business users, so caution should be taken. The fact is, email accounts are hacked every day, so users should be extra careful and follow basic security best practices: good “password hygiene” is one of these practices.
You can follow a few essential protocols to help protect the passwords you’re responsible for. Be sure to only share passwords with other authorized users, share passwords using encrypted (NOT plain-text) methods such as QuickForget, use a password manager such as LastPass to store passwords, and finally enable multi-factor authentication (MFA) for your primary email accounts to guard against credential attacks and password compromises.
Although QuickForget is an incredibly handy tool, feature-wise it’s pretty bare bones, and may not be the best fit for all use cases.
For example, organizations with strict data security requirements will find that QuickForget lacks the ability to audit user access (i.e. track who’s accessing the information) which is generally a must-have feature to be in compliance with data security regulations such as PCI DSS and HIPAA.
QuickForget was acquired from it’s original creators in 2014 by Automattic, a San Francisco-based company tasked with maintaining the QuickForget service, along with other popular web services such as WordPress.com and WooCommerce.
If you have any questions about password management or other security best practices for your Los Angeles-based small business, contact us for help.