So you’re talking to someone online and you need to share a password or another sensitive piece of information – what do you do? Send it in an email or instant message? Your sensitive information will sit around in email archives and chat logs forever. You’ll need one of these tricks up your sleeve.
There are many ways to share a piece of information without it appearing in your chat logs and emails. Whether you want to make the message self-destruct, use a password vault or send an encrypted file, we’ve got you covered.
Split The Secret Into Pieces
Sending a username, password and website address together is dangerous because the information has context. If you send each piece of information over a different communication method — say instant messaging, email and text message — you’ll be a lot safer. This doesn’t hide the sensitive information entirely, but it scatters the information around and removes the context, making its use unclear.
You can use the same method even if you only have a single secret to share. For example, you could split a password into three parts and send each via a different communication method.
Exercise some caution when doing this. Send an email to a Gmail account, an instant message over Google Talk and a text message to a Google Voice number and that’s one-stop shopping for data thieves, because every piece ends up with the same provider.
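An added example, not part of the original article, that goes beyond cutting a password into substrings: it splits the secret with XOR so that each share on its own is just random bytes, and every share is needed to rebuild the original. The function names and the sample password are made up for illustration.

```python
import base64
import secrets


def split_secret(secret: str, parts: int = 3) -> list[str]:
    """Split `secret` into `parts` shares; ALL shares are needed to rebuild it."""
    if parts < 2:
        raise ValueError("need at least two shares")
    data = secret.encode("utf-8")
    # parts-1 shares are pure random bytes, each as long as the secret.
    shares = [secrets.token_bytes(len(data)) for _ in range(parts - 1)]
    # The last share is the secret XORed with every random share, so a
    # substring of the password never appears in any single message.
    last = data
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    shares.append(last)
    # Base64 so each share survives copy/paste through email, IM or SMS.
    return [base64.urlsafe_b64encode(s).decode("ascii") for s in shares]


def join_shares(encoded: list[str]) -> str:
    """XOR all shares together to recover the original secret."""
    raw = [base64.urlsafe_b64decode(s) for s in encoded]
    if len({len(r) for r in raw}) != 1:
        raise ValueError("shares missing or of different lengths")
    result = bytes(len(raw[0]))  # all-zero starting value
    for r in raw:
        result = bytes(a ^ b for a, b in zip(result, r))
    return result.decode("utf-8")


if __name__ == "__main__":
    # Constructed sample password, not a real credential.
    shares = split_secret("correct horse battery staple", parts=3)
    for channel, share in zip(("email", "IM", "SMS"), shares):
        print(f"{channel}: {share}")
    print(join_shares(shares))
```

Each share is as long as the secret, so the shares still reveal the password's length, and the advice about using genuinely separate channels applies unchanged.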
Send A One-Time Message
Websites like Privnote and One Time Secret allow you to send a message that can only be read once. Just access the website, enter your sensitive information and you’ll get a link you can send to your friend or colleague. After they click the link and access the information, it’ll be immediately deleted from the website. Anyone examining your old emails or chat logs won’t be able to click the link and access the information.
Another alternative is DestructingMessage, which creates messages that self-destruct on a timer. When the other person opens the page, a countdown starts and the message will implode and vanish from their screen when the timer reaches zero.
If you’re worried about trusting the websites themselves, you can use this in combination with the secret-splitting method. Send the username over email and send the password as a self-destructing message — the website will have no idea what that password is for.
Share With A Password Manager
Password managers like LastPass contain built-in password-sharing features. Share a password with another LastPass user and it’ll appear in their LastPass vault. The same method works for secure notes, so you can use LastPass to share any bit of text in an encrypted form.
Beware the “Password Will Remain a Secret” feature here if you’re using LastPass. LastPass tries to hide the password from the other user, but anyone with a little technical knowledge can get around that and view the password when LastPass autofills it on a webpage.
Send Encrypted Files
Encrypted files are the classic, old-school way to send secrets. Write a simple text file with the information, then encrypt it with a password that only your friend or colleague knows. You’ll want to decide on this password ahead of time, ideally in a face-to-face situation.
The recipient can use a decryption program to decrypt your file and access the sensitive information. As a bonus, this method allows you to send sensitive files as email attachments. It won’t matter that the email attachments sit around because no one can read them without decrypting them.
We’ve covered quite a few ways to send encrypted files in the past.
Go Off the Record
Gmail and many desktop chat clients automatically log every message you send, but they also have an off-the-record mode. All logging is disabled in off-the-record mode, so you can send messages and omit them from your chat logs.
If you’re chatting from Gmail or Google+, you can select the “Go Off the Record” option in the Actions menu and both Gmail accounts will stop logging until you go back on the record. Be careful – if your contact is using a desktop chat client, their chat client may continue to log messages on their computer.
Desktop chat applications also have off-the-record plug-ins. For example, the OTR plug-in for Pidgin provides encryption and deniability for sensitive conversations, but it can also disable logging when you and your contact go off the record (this option isn’t enabled by default, though).
How do you send sensitive information online? Do you have a better method for keeping sensitive information private? Let us know in the comments.