How to Send Sensitive, Secure Emails, Passwords, and Files Without Fear

Erez Zukerman 06-12-2012

secure email
So, here’s a common case: You need to share a password with someone, but if you just email it to them, it’s going to languish in their inbox and be exposed to any future hacker that might gain access to their account. Or perhaps you want to share a longer note, but don’t want to email it for the same reason: You don’t want the other side to have a permanent record of it, and you don’t want it to be intercepted by third parties. Finally, you might want to share a file securely, and be able to remove it once the other party (or parties) get it.


No matter your scenario, I’ve rounded up several solid ways to get your data across securely and privately. No single way provides perfect security (what is, really?), but they sure beat plain text notes.

Sharing Passwords and Text

The most important thing you can do after reading this post is to stop emailing passwords in plain text. Seriously – don’t do this, if you care even a little bit about the password in question. Some people send the password along with the service’s name (“My eBay password is …), which is just crazy. But even if you send the password on its own, in an email with no subject or other contextual info, a third party might still be able to infer what the password is for. After all, Gmail (for example) saves chat logs alongside messages – so if you had a Google Talk chat with someone discussing a password and he mentioned emailing it later, an attacker could quickly figure it out.

So, sending encrypted text or securely sharing files can be considered luxuries, but securely sharing passwords is really not.

Old School: Pre-Shared Transposition Cipher

In truth, you don’t need any software to maintain pretty solid security when emailing passwords. Take this, for example:

secure email


Let’s say this is a password I emailed you. Only it’s not really the password: I’ve shifted the letters around a little bit. You and I both know I shifted them, and how, because we’ve discussed it in advance in another medium (say, Skype or phone). But an attacker won’t know I’ve shifted anything, and won’t even suspect it, because passwords often aren’t words or sentences. So the attacker would try to use “maeflrfyt” to log into a website, and would fail and move on… because the text actually says something else. Can you guess what it says? You don’t need any software to figure it out, I promise. Take a moment and try.

Okay, I’ll tell you: It says “makeuseof.” But how does it say that? If you’ve been following my posts, you know I use an alternative keyboard layout called Colemak. So what I’ve done is type the word “makeuseof” using QWERTY key locations, but on a Colemak keyboard. For example, where “k” falls in QWERTY, it’s actually “e” in Colemak:

send secure email

So, anyone who has a Colemak map can easily read this cipher – they just have to know that’s the method I used. Of course, you don’t need an alternative keyboard to use this simple system. Even if you and the other party just agree to shift each letter by two (so, “c” instead of “a”, “b” instead of “z”), your password will far, far more secure than if you email it in plaintext. I like this solution because it requires no third-party software – just a brain.


Without An Account: BurnNote

Okay, but what if you have something a bit longer to share? Say, a saucy email that can get you booted off your senior position in the CIA, or any other passage of text. For longer texts like this, a manual cipher becomes impractical – I wouldn’t expect anyone to slowly analyze a sentence letter by letter. But here’s another caveat: To be extra-secret, you don’t want to open an account anywhere. You don’t want to email your message or be linked to it in any other way. For this kind of work, Burn Note is ideal. This simple service lets you create password-protected notes that self-destroy once opened (the recipient has 180 seconds to read them by default), and can even be protected from copying. Creating a note looks like this:

send secure email

Then, once you click Send, you get a short link:

send secure email


The short link is nice, because it means you can even dictate it over the phone and don’t have to send the link itself in text if you don’t want to.

Then, when your recipient comes to view the message, Burn Note lets them know they have only a limited time to view it:

send sensitive information email

And my favorite part is viewing the message in Spyglass mode (which you, the sender, can specify):


send sensitive information email

Basically, your mouse cursor turns into a circle, and you move the circle over the window to reveal parts of the text. This seems gimmicky at first, but it’s actually brilliant: Not only does this prevent the recipient from copy/pasting the text, but they can’t even make a screenshot saving the message! Someone clearly put quite a bit of thought into this service, resulting in a truly secure and account-less way to share blocks of sensitive text.

With An Account: SafeGmail [No Longer Available]

Okay, so Burn Note is fantastic if you don’t want an account. But what if you don’t mind having an account, and are just looking for a way to quickly encrypt emails? If you use Gmail, you’re in luck: SafeGmail offers a simple and free solution. This free Chrome add-on plugs into the Gmail Web interface, adding an encryption checkbox to every message you compose:


You pick a question showed to your recipient, and specify the answer. Safegmail then encrypts your message using PGP, so it looks like this to your recipient:

send sensitive information email

In other words, just a block of code with a link (the algorithm used is very secure). When clicking through to the SafeGmail interface, the recipient is asked to answer the question you’ve posed:


And then paste in the encrypted email:


Once they do that and click Show My Mail, the message is revealed:


The biggest advantage here is how nicely encryption is integrated with Gmail. I wish decryption was integrated in the same way, but even so, this is a useful service if you routinely email encrypted information.

With A Paid Account: LastPass

Last but certainly not least, there’s the paid version of cloud-based password manager LastPass. The free version can be used to manage your own passwords, but LastPass Premium has a nice feature that lets you securely share passwords with other people.

Sharing Files

Okay, so we’ve seen three different ways to share text – now let’s talk about transferring files. This is simpler, because file-sharing services are incredibly common these days.

Without An Account:

There are many services that let you upload files and share a link with others without opening an account, but sadly, most of them are pretty spammy-looking and full of ads and other nags. One notable exception is the clean, elegant and free

secure email couldn’t be simpler to use, really: Just drag and drop any file onto your browser window (assuming you’re using Chrome), and off it goes. You then get a nice short link to share, and can send it to anyone you wish to give the file to. You can then go back to the same link yourself (as long as you don’t delete your browser cookies or switch computers, of course), see how many people downloaded the file, and quickly remove it from the service. Easy, free, and oh so slick.

With An Account: Dropbox, Google Drive, Or SkyDrive

This is an obvious one, but deserves a mention: Probably the most secure way to share files with specific individuals is using Dropbox, Google Drive, or SkyDrive. Dropbox and Google Drive both have optional two-factor authentication What Is Two-Factor Authentication, And Why You Should Use It Two-factor authentication (2FA) is a security method that requires two different ways of proving your identity. It is commonly used in everyday life. For example paying with a credit card not only requires the card,... Read More , and if all parties involved switch it on and have strong passwords, the result is a very secure, private transfer medium.

Final Thoughts

Did this post make you re-think your password-sharing habits, or other ways to share information? Do you think Burn Note is useful, or is it just a gimmick? And did I miss a great way to privately share info? Let me know in the comments!

Oh, and one last thing: dyys ilce!

Image credit: 3D Padlock via Shutterstock

Related topics: Email Tips, Encryption, Password.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Les Montani
    March 29, 2016 at 8:49 pm

    I email part of the password and then call and give the rest. For example, if the password is cdnb!!@@sfgb7765 I send cdnb!!@@sfgb and then call the user and instruct to add the number 7765 at the end.

  2. Ollie
    January 20, 2016 at 11:55 pm

    Great topic and coverage of solutions! Anyone try - seems to be simple and fast. And free:)

  3. hotdoge3
    December 27, 2012 at 8:00 am

    Why use Comodo SecureEmail Certificates

    Secure Certificates let you digitally sign emails to prove that the attachments and email content actually came from you. Secure Email Certificates allow you to easily encrypt your emails and ensure that the attachments and messages may only be read by the intended recipients. Digitally signing email with a digital Certificate means that it is impossible for anyone to edit the content of your mail without the recipient being alerted.

    Secure Email Certificates encrypt your emails

  4. Dallas Smith
    December 19, 2012 at 5:04 pm

    Burn note seems very interesting.

  5. Thomas Petrucha
    December 13, 2012 at 8:06 am

    Hmmm I always use OpenPgP ... and all added files in crypt-archives (rar)
    ... but secure g-mail looks nice ... need a try ;)

  6. David Etter
    December 12, 2012 at 12:33 am

    I've used for years to send/receive sensitive emails and files with others. They have a neat Safe Box systems which requires a pre-arranged pw, and you can limit the time which the file and email can be read by the recipient.

  7. Bit
    December 11, 2012 at 9:51 am

    One can also embed long text messages in a photo or any image, tell the recipient the password over a phone and send the picture as an attachment..

    Another, even better way is to download the free email Certificate from Comodo and then use the digitally signed encryption! More at:



  8. André Kamara
    December 7, 2012 at 7:53 pm

    I just visited and it seems like you need to sign up before doing anything.

    • Erez Zukerman
      December 9, 2012 at 2:04 pm

      Wow, this is really disappointing! :( Turns out Burn Note launched a new version (shown [Broken URL Removed]) right after this post was written (three days before it was published).

      Having to provide an email address to use the service is a real blow to privacy. How lame.

      • Erez Zukerman
        December 9, 2012 at 2:06 pm

        Upon testing the service again, it turns out it doesn't send a validation email, so you can provide any random address as your email -- doesn't have to be a real one (I tried and it worked). so... not as good, but still okay I guess.

        • Kamran Hassan
          December 9, 2012 at 4:23 pm

          Oh cool. Thanks for that little tip. I just visited Burn Note but was put off by their signup requirement (especially email). Good to know there's a simple way to work around that.
          Keep up the great work, btw! Cheers

        • Douglas Mutay
          December 10, 2012 at 8:23 am

          Yes!!!! That all we need I guess. As long as we don't give our true email. As for me I have an email specially created for these kinds of website that require validation email and use it whenever I don't want to receive spam or don't want to give my true info. I have used it for Burn out and I didn't even care if they had to send validation info... :-)

  9. Bud
    December 7, 2012 at 5:14 pm

    "A" representing my first name, and "AAAA" my last name

  10. Bud
    December 7, 2012 at 5:11 pm

    With a pre-arranged agreement with another, I simply use " AAAAAAA@AAA.AAA "
    as a means for security and stop spammers, phishing scammers, and the like......

  11. Vishal Srivastava
    December 7, 2012 at 4:59 pm

    Burnout looks amazing. Hoping that I'll be able to try it...

  12. ha14
    December 7, 2012 at 4:24 pm

    Stenography can be interesting to send files hidden in photo.

  13. Douglas Mutay
    December 7, 2012 at 3:47 pm

    Wow. I have always wondered if this was possible. I am especially amazed with burn out. Sound very brilliant. Thanks

  14. Mac Witty
    December 7, 2012 at 2:30 pm

    Looks useful even if I prefer to share it with Dropbox as I always use it

  15. Âdil Farôôq
    December 7, 2012 at 12:23 pm

    really useful post thanks for it :)

  16. Nicola De Ieso
    December 7, 2012 at 10:23 am

    Does safegmail really secure?

    • Nicola De Ieso
      December 7, 2012 at 10:25 am

      How I use Safegmail on the new composition window in gmail?

      • Erez Zukerman
        December 7, 2012 at 10:42 am

        There's an "Encrypt" checkbox as shown in the screenshot above.

        • Nicola De Ieso
          December 7, 2012 at 10:44 am

          But that is the old composition interface. I have the new instead

        • Erez Zukerman
          December 7, 2012 at 10:45 am

          Oh, I suspect that's not supported. Can always ask the addon's developer. :)

        • Nicola De Ieso
          December 7, 2012 at 10:47 am

          Yes, I will ask the developer. Thanks

  17. Bob
    December 7, 2012 at 9:22 am

    Why not use public key encryption. GnuPG (easiest to use with Thunderbird and Enigmail - but many other clients will do) gives you uncrackable encryption for free - why bother with anything less safe.

    • Erez Zukerman
      December 7, 2012 at 9:27 am

      Not all recipients are comfortable with GnuGP, but I did mention one GnuGP-based solution in the post.

  18. Lisa Santika Onggrid
    December 7, 2012 at 6:07 am

    My approach is simple: Never share password. It's meant to be personal.

    • Erez Zukerman
      December 7, 2012 at 7:42 am

      That's definitely sensible. :)

  19. Din One
    December 7, 2012 at 4:50 am

    Does this really safe? Sure no logs on that server?

    • Erez Zukerman
      December 7, 2012 at 7:41 am

      Can never be 100% sure, of course, but looks like it.

  20. Gabriel Rodriguez
    December 7, 2012 at 2:22 am

    Has anyone tried ?is it safe?

    • Douglas Mutay
      December 7, 2012 at 3:48 pm

      I have always used encipher it. I can guarantee you that it's very secure.

      • Gabriel Rodriguez
        December 7, 2012 at 7:03 pm

        Great! I've only used it a couple of times but never felt it was secure enough.

  21. Gman
    December 7, 2012 at 2:14 am

    Further obfuscation. Change all the text color to match the background.

    • Erez Zukerman
      December 7, 2012 at 7:41 am

      Could be nice in combination with the other methods, yes. Especially at the very end of an email message.

    • Giggity Goebbels
      December 9, 2012 at 1:26 pm

      Lol ageee

    • Giggity Goebbels
      December 9, 2012 at 1:26 pm


  22. Scott
    December 7, 2012 at 12:25 am

    Hmmm... I thought the first example said "Mayflower f[or] You Tube." ;-)

    About the Chrome extension: would the developer of that add-on have access to the information that you are encrypting ?

    • Erez Zukerman
      December 7, 2012 at 7:41 am

      As far as I know, they wouldn't.