Raise your hand if you’ve shared a username and password with someone over IM? Ever share a document with your SSN or other extremely sensitive information without protecting it? How about if you’ve sent, erm… scandalous pics to your significant other? Thanks to the internet, we share more than ever, and so quickly and easily, that we do it without a second thought. That’s great, but it may be time you learn a little about how to do that sharing in a more secure fashion.
Here we’ll walk through the easiest and most secure ways to share files, passwords and other data with people you trust. There are countless other methods out there, but these are our favourites. The method you use to share data should depend on what you’re sending, how secure you want that material to be, and how willing you are to take proper security methods.
Securely Share Passwords and Other Simple Information
If you’re just sending a username, password or other line of text (like a credit card number), protect your info with a few simple tricks:
Easy and Pretty Secure: Break the Message Up Into Chunks
Sometimes all it takes to increase your security is a little obscurity, and that’s what this method is all about. You send the sensitive data over separate channels so that only the recipient is likely to have context for what it all means. Let’s say you wanted to share a username and password with someone over the internet. Here’s the basic idea:
1. In an email, send the username with an accompanying message — something like “I’ve texted you the FTP password”.
2. Text the password separately, with no context.
3. The recipient receives the password, saves it elsewhere and deletes the text message.
Even if your recipient doesn’t delete the message (which you can’t count on), a snoop would have no context for what it applies to. The basic idea could work in any direction, as long as you’re separating the context from the information. Is it 100 per cent foolproof? Absolutely not. But it’s better than nothing, which is what many of us are doing now.
If you want to get even more creative, you could send someone the first half of the password via SMS, the second half via email, and let the recipient know over IM how it’s been broken up. That way, a thief would have to have access to both the email, IM account and the phone. You get the idea.
Less Practical, But More Secure: Use LastPass
Password management service LastPass is still one of the most secure ways to create and store passwords. If your recipient is also using it (or if you can convince them of how great it is and get them signed up), sharing passwords and other small notes securely is extremely easy. Just pop into your LastPass vault, click the “Share” link next to the password or secure note you want to share, type in your recipient’s email address, and LastPass will take care of the rest securely. If you’re sharing login credentials, you can choose to share the actual password (so your recipient can learn what it is) or just share access to the credentials in question, so your friend or colleague can log without actually learning your password. For more info on how to share passwords with LastPass, check out our how-to on the subject.
Securely Send Documents and Other Files
If you need to send full documents — like paperwork for your job or a saucy photo — you’ll need the help of an external service. Here are our favourite ways to securely send files.
Easy and Pretty Secure: Share it with Dropbox
Even if your recipient isn’t using the popular file-syncing service Dropbox, you can still use it to securely share files with them. Here’s how:
1. Drag the file into your Dropbox. Anywhere in your Dropbox is fine; it doesn’t need to go in your Public folder.
2. Once your file is synced (you’ll know it is once it’s got that green check mark next to it), right-click on it and choose Dropbox > Get Link. This will copy its shareable link to your clipboard.
3. Send that link over email or text message to your recipient, and they’ll be able to securely download your file.
Since Dropbox encrypts everything you upload and download over a secure HTTPS connection, your file transfer should be secure from start to finish. The one notable exception: Dropbox’s mobile app doesn’t use an encrypted connection, so be careful not to upload the file from your phone over an open Wi-Fi connection. If your recipient does use Dropbox (and you want to share the file with them through Dropbox’s shared folders), make sure they don’t use the mobile app to download it.
If you want to add a little extra security to this method (since anyone with access to your recipient’s email could click the link and get the full file), you could use also employ the “half and half” method from section one: send half the link to your recipient over email, and the other half over text message. They’ll have to type it in manually instead of just clicking on it, but as long as their phone and email are secured with passcodes, this creates another level of security a thief would have to go through to get at your file.
Less Practical, But More Secure: Send It In an Encrypted ZIP File
1. Select the file or files you want to send, then right-click on them and go to 7-Zip > Add to Archive.
2. In the window that pops up, stick with the default values. Under “Encryption”, enter a password and choose AES-256 as the encryption method. Then click OK to create the archive.
3. Email the resulting ZIP file to your recipient, and send them the password over text message or some other medium (don’t put it in the same email as the file!) so they know how to open the archive.
This method is very secure, but it has one downside: this method requires that your recipient have a program that can open encrypted archives. Windows’ native ZIP handling does not, so they’ll need to download something like 7-Zip, PeaZip or another good archive utility to open it up. And, if one of you is on a Mac, there are some other good compression apps that will let you password-protect your files, though most cost a bit of money.
For the Sexting Crowd: Nothing Is Foolproof
The methods above assume that you trust the person you’re sending information to and that the information isn’t saucy enough to tempt them to spread it around. Your boss probably isn’t going to start passing out your tax file number, but a password to your Facebook account or a sexy photo is a lot riskier. Even if you trust the someone now, there’s no telling what may happen in the future.
A lot of apps have popped up over the years that “self destruct” messages after sending them, the latest of which is SnapChat — an iPhone app that automatically deletes your photo from a recipient’s phone after they’ve seen it for a few seconds — but keep in mind that these are far from secure. Anyone could take a screenshot of their phone within those seconds to create a version of the photo that lasts forever, and then you’re really in trouble. Besides, do you really want to trust a third-party app you’ve never heard of with your drunken sexts?
The fact is, if something can be seen, it can be copied, and security extends only so far as you trust the recipient of that private info — whether it’s a password or a picture.
In the end, for most exchanges of sensitive data, nothing’s more secure than the tried and true in-person hand-off. It reduces the number of servers your data is duplicated on or spread across, it decreases the vulnerabilities that a snoop might try to exploit, and it ensures that the person you intended it for is the recipient.
If you have to send sensitive information into your office, hand it to them in person if you can. If you don’t like a paper copy, encrypt your file on a thumb drive and hand that off in person. If it’s something you don’t have to send (e.g. things on the saucy end of the spectrum), you’d better have a lot of faith in the person you’re sending to — or you’re better off not sending it at all. After all, everyone has a camera or scanner these days, and if it’s tempting enough, there’s nothing to keep your recipient from spreading it around on the internet. Keep your private stuff close at hand and you’ll never end up like [insert latest celebrity with a sex tape].
As we said before, these are only a few ways to securely send information over the internet, but there are countless others. If you have a favourite method that we didn’t mention, share it with us in the comments.