How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

lock   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear
So, here’s a common case: You need to share a password with someone, but if you just email it to them, it’s going to languish in their inbox and be exposed to any future hacker that might gain access to their account. Or perhaps you want to share a longer note, but don’t want to email it for the same reason: You don’t want the other side to have a permanent record of it, and you don’t want it to be intercepted by third parties. Finally, you might want to share a file securely, and be able to remove it once the other party (or parties) get it.

No matter your scenario, I’ve rounded up several solid ways to get your data across securely and privately. No single way provides perfect security (what is, really?), but they sure beat plain text notes.

Sharing Passwords and Text

The most important thing you can do after reading this post is to stop emailing passwords in plain text. Seriously – don’t do this, if you care even a little bit about the password in question. Some people send the password along with the service’s name (“My eBay password is …), which is just crazy. But even if you send the password on its own, in an email with no subject or other contextual info, a third party might still be able to infer what the password is for. After all, Gmail (for example) saves chat logs alongside messages – so if you had a Google Talk chat with someone discussing a password and he mentioned emailing it later, an attacker could quickly figure it out.

So, sending encrypted text or securely sharing files can be considered luxuries, but securely sharing passwords is really not.

Old School: Pre-Shared Transposition Cipher

In truth, you don’t need any software to maintain pretty solid security when emailing passwords. Take this, for example:

transpose   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

Let’s say this is a password I emailed you. Only it’s not really the password: I’ve shifted the letters around a little bit. You and I both know I shifted them, and how, because we’ve discussed it in advance in another medium (say, Skype or phone). But an attacker won’t know I’ve shifted anything, and won’t even suspect it, because passwords often aren’t words or sentences. So the attacker would try to use “maeflrfyt” to log into a website, and would fail and move on… because the text actually says something else. Can you guess what it says? You don’t need any software to figure it out, I promise. Take a moment and try.

Okay, I’ll tell you: It says “makeuseof.” But how does it say that? If you’ve been following my posts, you know I use an alternative keyboard layout called Colemak. So what I’ve done is type the word “makeuseof” using QWERTY key locations, but on a Colemak keyboard. For example, where “k” falls in QWERTY, it’s actually “e” in Colemak:

colemak1   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

So, anyone who has a Colemak map can easily read this cipher – they just have to know that’s the method I used. Of course, you don’t need an alternative keyboard to use this simple system. Even if you and the other party just agree to shift each letter by two (so, “c” instead of “a”, “b” instead of “z”), your password will far, far more secure than if you email it in plaintext. I like this solution because it requires no third-party software – just a brain.

Without An Account: BurnNote

Okay, but what if you have something a bit longer to share? Say, a saucy email that can get you booted off your senior position in the CIA, or any other passage of text. For longer texts like this, a manual cipher becomes impractical – I wouldn’t expect anyone to slowly analyze a sentence letter by letter. But here’s another caveat: To be extra-secret, you don’t want to open an account anywhere. You don’t want to email your message or be linked to it in any other way. For this kind of work, Burn Note is ideal. This simple service lets you create password-protected notes that self-destroy once opened (the recipient has 180 seconds to read them by default), and can even be protected from copying. Creating a note looks like this:

burnnote1   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

Then, once you click Send, you get a short link:

burnnote2   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

The short link is nice, because it means you can even dictate it over the phone and don’t have to send the link itself in text if you don’t want to.

Then, when your recipient comes to view the message, Burn Note lets them know they have only a limited time to view it:

burnnote3   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

And my favorite part is viewing the message in Spyglass mode (which you, the sender, can specify):

burnnote2   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

Basically, your mouse cursor turns into a circle, and you move the circle over the window to reveal parts of the text. This seems gimmicky at first, but it’s actually brilliant: Not only does this prevent the recipient from copy/pasting the text, but they can’t even make a screenshot saving the message! Someone clearly put quite a bit of thought into this service, resulting in a truly secure and account-less way to share blocks of sensitive text.

With An Account: SafeGmail

Okay, so Burn Note is fantastic if you don’t want an account. But what if you don’t mind having an account, and are just looking for a way to quickly encrypt emails? If you use Gmail, you’re in luck: SafeGmail offers a simple and free solution. This free Chrome add-on plugs into the Gmail Web interface, adding an encryption checkbox to every message you compose:

gmail   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

You pick a question showed to your recipient, and specify the answer. Safegmail then encrypts your message using PGP, so it looks like this to your recipient:

gmail3   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

In other words, just a block of code with a link (the algorithm used is very secure). When clicking through to the SafeGmail interface, the recipient is asked to answer the question you’ve posed:

gmail5   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

And then paste in the encrypted email:

gmail7   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

Once they do that and click Show My Mail, the message is revealed:

gmail9   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

The biggest advantage here is how nicely encryption is integrated with Gmail. I wish decryption was integrated in the same way, but even so, this is a useful service if you routinely email encrypted information.

With A Paid Account: LastPass

Last but certainly not least, there’s the paid version of cloud-based password manager LastPass. The free version can be used to manage your own passwords, but LastPass Premium has a nice feature that lets you securely share passwords with other people. Nicer still, you don’t actually have to pay for LastPass Premium: We’re giving away 1-year LastPass Premium accounts over at MakeUseOf Rewards!

Sharing Files

Okay, so we’ve seen three different ways to share text – now let’s talk about transferring files. This is simpler, because file-sharing services are incredibly common these days.

Without An Account: Ge.tt

There are many services that let you upload files and share a link with others without opening an account, but sadly, most of them are pretty spammy-looking and full of ads and other nags. One notable exception is the clean, elegant and free Ge.tt:

gett   How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear

Ge.tt couldn’t be simpler to use, really: Just drag and drop any file onto your browser window (assuming you’re using Chrome), and off it goes. You then get a nice short link to share, and can send it to anyone you wish to give the file to. You can then go back to the same link yourself (as long as you don’t delete your browser cookies or switch computers, of course), see how many people downloaded the file, and quickly remove it from the service. Easy, free, and oh so slick.

With An Account: Dropbox, Google Drive, Or SkyDrive

This is an obvious one, but deserves a mention: Probably the most secure way to share files with specific individuals is using Dropbox, Google Drive, or SkyDrive. Dropbox and Google Drive both have optional two-factor authentication, and if all parties involved switch it on and have strong passwords, the result is a very secure, private transfer medium.

Final Thoughts

Did this post make you re-think your password-sharing habits, or other ways to share information? Do you think Burn Note is useful, or is it just a gimmick? And did I miss a great way to privately share info? Let me know in the comments!

Oh, and one last thing: dyys ilce!

Image credit: 3D Padlock via Shutterstock

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

38 Comments -

0 votes

Scott

Hmmm… I thought the first example said “Mayflower f[or] You Tube.” ;-)

About the Chrome extension: would the developer of that add-on have access to the information that you are encrypting ?

0 votes

Erez Zukerman

As far as I know, they wouldn’t.

0 votes

Gman

Further obfuscation. Change all the text color to match the background.

0 votes

Erez Zukerman

Could be nice in combination with the other methods, yes. Especially at the very end of an email message.

0 votes

Giggity Goebbels

Lol ageee

0 votes

Giggity Goebbels

*agree

0 votes

Gabriel Rodriguez

Has anyone triedhttps://encipher.it ?is it safe?

0 votes

Douglas Mutay

I have always used encipher it. I can guarantee you that it’s very secure.

0 votes

Gabriel Rodriguez

Great! I’ve only used it a couple of times but never felt it was secure enough.

0 votes

Din One

Does this really safe? Sure no logs on that server?

0 votes

Erez Zukerman

Can never be 100% sure, of course, but looks like it.

0 votes

Lisa Santika Onggrid

My approach is simple: Never share password. It’s meant to be personal.

0 votes

Erez Zukerman

That’s definitely sensible. :)

0 votes

Bob

Why not use public key encryption. GnuPG (easiest to use with Thunderbird and Enigmail – but many other clients will do) gives you uncrackable encryption for free – why bother with anything less safe.

0 votes

Erez Zukerman

Not all recipients are comfortable with GnuGP, but I did mention one GnuGP-based solution in the post.

0 votes

Nicola De Ieso

Does safegmail really secure?

0 votes

Nicola De Ieso

How I use Safegmail on the new composition window in gmail?

0 votes

Erez Zukerman

There’s an “Encrypt” checkbox as shown in the screenshot above.

0 votes

Nicola De Ieso

But that is the old composition interface. I have the new instead

0 votes

Erez Zukerman

Oh, I suspect that’s not supported. Can always ask the addon’s developer. :)

0 votes

Nicola De Ieso

Yes, I will ask the developer. Thanks

0 votes

Âdil Farôôq

really useful post thanks for it :)

0 votes

Mac Witty

Looks useful even if I prefer to share it with Dropbox as I always use it

0 votes

Douglas Mutay

Wow. I have always wondered if this was possible. I am especially amazed with burn out. Sound very brilliant. Thanks

0 votes

ha14

Stenography can be interesting to send files hidden in photo.

0 votes

Vishal Srivastava

Burnout looks amazing. Hoping that I’ll be able to try it…

0 votes

Bud

With a pre-arranged agreement with another, I simply use ” AAAAAAA@AAA.AAA
as a means for security and stop spammers, phishing scammers, and the like……

0 votes

Bud

“A” representing my first name, and “AAAA” my last name

0 votes

André Kamara

I just visited https://burnnote.com/ and it seems like you need to sign up before doing anything.

0 votes

Erez Zukerman

Wow, this is really disappointing! :( Turns out Burn Note launched a new version (shown here) right after this post was written (three days before it was published).

Having to provide an email address to use the service is a real blow to privacy. How lame.

0 votes

Erez Zukerman

Upon testing the service again, it turns out it doesn’t send a validation email, so you can provide any random address as your email — doesn’t have to be a real one (I tried bla@bla.com and it worked). so… not as good, but still okay I guess.

0 votes

Kamran Hassan

Oh cool. Thanks for that little tip. I just visited Burn Note but was put off by their signup requirement (especially email). Good to know there’s a simple way to work around that.
Keep up the great work, btw! Cheers

0 votes

Douglas Mutay

Yes!!!! That all we need I guess. As long as we don’t give our true email. As for me I have an email specially created for these kinds of website that require validation email and use it whenever I don’t want to receive spam or don’t want to give my true info. I have used it for Burn out and I didn’t even care if they had to send validation info… :-)

0 votes

Bit

One can also embed long text messages in a photo or any image, tell the recipient the password over a phone and send the picture as an attachment..

Another, even better way is to download the free email Certificate from Comodo and then use the digitally signed encryption! More at:

http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

Regards,

Bit

0 votes

David Etter

I’ve used safe-mail.net for years to send/receive sensitive emails and files with others. They have a neat Safe Box systems which requires a pre-arranged pw, and you can limit the time which the file and email can be read by the recipient.

0 votes

Thomas Petrucha

Hmmm I always use OpenPgP … and all added files in crypt-archives (rar)
… but secure g-mail looks nice … need a try ;)

0 votes

Dallas Smith

Burn note seems very interesting.

0 votes

hotdoge3

Why use Comodo SecureEmail Certificates

Secure Certificates let you digitally sign emails to prove that the attachments and email content actually came from you. Secure Email Certificates allow you to easily encrypt your emails and ensure that the attachments and messages may only be read by the intended recipients. Digitally signing email with a digital Certificate means that it is impossible for anyone to edit the content of your mail without the recipient being alerted.

http://www.comodo.com/home/free/free-protection.php

Secure Email Certificates encrypt your emails