A small, but frequent part of our day to day operations at COLEwebdev is both sending and receiving sensitive client information, such as passwords and credit card numbers. Often times this information is sent via email, which is not secure. Despite us instructing, and pleading with our clients to stop this behavior it continues, which puts our clients at risk of being compromised.
There are better options, that are more secure and still convenient ways to send confidential information digitally.
iMessage – If you have an iPhone, the iMessage app (called just Messages) offers fully encrypted communications. Client can send us their passwords, via iMessage and be confident that the delivery, and storage of that information is protected from prying eyes.
Other Apps – If you’re using an Android phone there are multiple apps that offer fully encrypted messaging:
Telephone – While not technically “digital” and slightly less convenient than copy+pasting, the good ol’ traditional telephone is a more secure way to communicate sensitive information.
PWPush – We consider this method a “fall back” and one used for less sensitive information transmission. PWPush allows you to send a password via email, using an temporary link that expires after a specific number of views and/or days.
Gmail Confidential – While far from perfect, Google now offers a confidential mode that allows for an expiration date and prevents the recipient from forwarding, printing and downloading the message. Google explains the shortcomings “it doesn’t prevent recipients from taking screenshots or photos of your messages or attachments”.