TL;DR
Don’t email passwords in plain text! Use a password manager to share securely, or send the password via a separate channel like SMS/phone call. Avoid methods that store passwords unencrypted.
How to Share Zip File Passwords Safely
- Understand the Risks: Sending a zip file password in the same email as the zip file is very insecure. Anyone gaining access to your email (or theirs) can easily retrieve both, defeating the purpose of encryption.
  Sending passwords via instant messaging apps like WhatsApp or Slack isn’t much better – these platforms often don’t offer end-to-end encryption by default.
- Password Managers: The Best Option
  - Most password managers (like LastPass, 1Password, Bitwarden) allow you to securely share passwords with others.
  - You create a shared folder or item within the manager and grant access to the recipient. They don’t need an account with your specific manager; they can often view it through a web link.
  - This keeps the password encrypted during transit and storage.
- Separate Communication Channels: If you can’t use a password manager:
  - Phone Call: The most secure method is to verbally communicate the password over the phone.
  - SMS/Text Message: Use SMS only if other options aren’t available, and be aware it’s less secure than a call. Avoid sending it in the same message as any details about the file itself.
- Avoid These Methods:
  - Plain Text Email: Never send the password directly in an email, even if you think your email is secure.
  - Word Documents/Text Files: Don’t embed the password in a separate document attached to the same email as the zip file. These files are easily accessed.
  - Cloud Storage Notes: Avoid storing passwords in notes within cloud storage services (Google Docs, Dropbox Paper) unless they have strong encryption and access controls.
- Password Complexity & Length: Regardless of how you share it:
  - Use a strong password! At least 12 characters long, with a mix of uppercase and lowercase letters, numbers, and symbols.
  - Consider using a password generator to create a random, complex password.
- After Sharing:
  - If you used a temporary sharing method (like SMS), remind the recipient to delete the message after use.
  - Revoke access if you shared via a password manager once they’ve retrieved the password.
Example: Generating a Secure Password
You can generate a strong password using command-line tools:
openssl rand -base64 16
This outputs 16 random bytes encoded as Base64, so the password is longer than 16 characters (24, including two trailing = padding characters). Remember to share it securely!
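
One way to generate a password and check it against the length and character-mix guidance above, as an added example that is not part of the original article. The helper names (meets_policy, gen_password) and the symbol set are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: policy-checked password generation (helper names are hypothetical).

# Assumed symbol set, chosen to be easy to type and to read aloud on a call.
# The trailing '-' is a literal hyphen for tr.
CHARSET='A-Za-z0-9!#%+,.:=@_-'

# Succeeds only if $1 has >= 12 characters and contains an uppercase letter,
# a lowercase letter, a digit and a symbol (the policy stated in this guide).
meets_policy() {
    [ "${#1}" -ge 12 ] || return 1
    case $1 in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:lower:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:digit:]]*) ;; *) return 1 ;; esac
    case $1 in *[![:alnum:]]*) ;; *) return 1 ;; esac
}

# Print a random password of length $1 (default 20) that passes meets_policy.
gen_password() {
    gp_len=${1:-20}
    [ "$gp_len" -ge 12 ] 2>/dev/null || {
        echo "length must be a number >= 12" >&2
        return 2
    }
    while :; do
        # Read 8x the needed bytes: about 29% of byte values are in CHARSET.
        # Dropping out-of-set bytes (instead of mapping them with modulo)
        # keeps every allowed character equally likely.
        gp_pw=$(head -c "$((gp_len * 8))" /dev/urandom |
                LC_ALL=C tr -dc "$CHARSET" | cut -c1-"$gp_len")
        # Retry if too few bytes survived or a character class is missing.
        [ "${#gp_pw}" -eq "$gp_len" ] && meets_policy "$gp_pw" && break
    done
    printf '%s\n' "$gp_pw"
}

gen_password 20
```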