RefBan

Referral Banners

Tuesday, May 15, 2012

From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet

May 15th, 2012Top Story

From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet

By Whitson Gordon

From Saucy Pics to Passwords: How to Share Sensitive Information Over the InternetRaise your hand if you've shared a username and password with someone over IM? Ever share a document with your SSN or other extremely sensitive information without protecting it? How about if you've sent, erm...scandalous pics to your significant other? Thanks to the internet, we share more than ever, and so quickly and easily that we do it without a second thought. That's great, but it may be time you learn a little about how to do that sharing in a more secure fashion.

Here, we'll walk through the easiest and most secure ways to share files, passwords, and other data with people you trust. There are countless other methods out there, but these are our favorites. The method you use to share data should depend on what you're sending, how secure you want that material to be, and how willing you are to take proper security methods.

Securely Share Passwords and Other Simple Information

If you're just sending a username, password, or other line of text (like a credit card number), protect your info with a few simple tricks:

Easy and Pretty Secure: Break the Message Up Into Chunks

Sometimes all it takes to increase your security is a little obscurity, and that's what this method is all about. You send the sensitive data over separate channels so that only the recipient is likely to have context for what it all means. Let's say you wanted to share a username and password with someone over the internet. Here's the basic idea:

From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet

  1. In an email, send the username with an accompanying message—something like "I've texted you the FTP password".
  2. Text the password separately, with no context.
  3. The recipient receives the password, saves it elsewhere, and deletes the text message.

Even if your recipient doesn't delete the message (which you can't count on), a snoop would have no context for what it applies to. The basic idea could work in any direction, as long as you're separating the context from the information. Is it 100% foolproof? Absolutely not. But it's better than nothing, which is what many of us are doing now.

If you want to get even more creative, you could send someone the first half of the password via SMS, the second half via email, and let the recipient know over IM how it's been broken up. That way, a thief would have to have access to both their email, IM account, and their phone. You get the idea.

Less Practical, But More Secure: Use LastPass

From Saucy Pics to Passwords: How to Share Sensitive Information Over the InternetPassword management service LastPass is still one of the most secure ways to create and store passwords, and if your recipient is also using it (or if you can convince them of how great it is and get them signed up), sharing passwords and other small notes securely is extremely easy. Just pop into your LastPass vault, click the "Share" link next to the password or secure note you want to share, type in your recipient's email address, and LastPass will take care of the rest—securely. If you're sharing login credentials, you can choose to share the actual password (so your recipient can learn what it is) or just share access to the credentials in question, so your friend or colleague can log without actually learning your password. For more info on how to share passwords with LastPass, check out our how-to on the subject.

Securely Send Documents and Other Files

If you need to send full documents—like paperwork for your job or a saucy photo—you'll need the help of an external service. Here are our favorite ways to securely send files.

Easy and Pretty Secure: Share it with Dropbox

Even if your recipient isn't using the popular file-syncing service Dropbox, you can still use it to securely share files with them. Here's how:

From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet

  1. Drag the file into your Dropbox. Anywhere in your Dropbox is fine; it doesn't need to go in your Public folder.
  2. Once your file is synced (you'll know it is once it's got that green check mark next to it), right-click on it and choose Dropbox > Get Link. This will copy its shareable link to your clipboard.
  3. Send that link over email or text message to your recipient, and they'll be able to securely download your file.

Since Dropbox encrypts everything you upload and download over a secure HTTPS connection, your file transfer should be secure from start to finish. The one notable exception: Dropbox's mobile app doesn't use an encrypted connection, so be careful not to upload the file from your phone over an open Wi-Fi connection, and if your recipient does use Dropbox (and you want to share the file with them through Dropbox's shared folders), make sure they don't use the mobile app to download it.

If you want to add a little extra security to this method (since anyone with access to your recipient's email could click the link and get the full file), you could use also employ the "half and half" method from section one: Send half the link to your recipient over email, and the other half over text message. They'll have to type it in manually instead of just clicking on it, but as long as their phone and email are secured with passcodes, this creates another level of security a thief would have to go through to get at your file.

Less Practical, But More Secure: Send It In an Encrypted ZIP File

The most secure way to send a file, though, is to encrypt it with a password. There are a lot of ways to do this, but we like to use our favorite archive utility, 7-Zip. Here's how to do it:

From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet

  1. Select the file or files you want to send, then right-click on them and go to 7-Zip > Add to Archive.
  2. In the window that pops up, stick with the default values. Under "Encryption", enter a password and choose AES-256 as the encryption method. Then click OK to create the archive.
  3. Email the resulting ZIP file to your recipient, and send them the password over text message or some other medium (don't put it in the same email as the file!) so they know how to open the archive.

This method is very secure, but it has one downside: this method requires that your recipient have a program that can open encrypted archives. Windows' native ZIP handling does not, so they'll need to download something like 7-Zip, PeaZip, or another good archive utility to open it up. And, if one of you is on a Mac, there are some other good compression apps that will let you password-protect your files, though most cost a bit of money.

For the Sexting Crowd: Nothing Is Foolproof; When In Doubt, Give It to Them In Person (or Don't Send It at All)

The methods above assume that you trust the person you're sending information to, and that that information isn't saucy enough to tempt them to spread it around. Your boss probably isn't going to start passing out your Social Security number, but a password to your Facebook account or a sexy photo is a lot riskier. Even if you trust the someone now, there's no telling what may happen in the future.

From Saucy Pics to Passwords: How to Share Sensitive Information Over the InternetA lot of apps have popped up over the years that "self destruct" messages after sending them, the latest of which is SnapChat—an iPhone app that automatically deletes your photo from a recipient's phone after they've seen it for a few seconds, but keep in mind that these are far from secure. Anyone could take a screenshot of their phone within those seconds to create a version of the photo that lasts forever, and then you're really in trouble. Besides, do you really want to trust a third party app you've never heard of with your drunken sexts?

The fact is, if something can be seen, it can be copied, and security extends only so far as you trust the recipient of that private info—whether it's a password or a picture.

In the end, for most exchanges of sensitive data, nothing's more secure than the tried and true in-person hand-off. It reduces the number of servers your data is duplicated on or spread across, it decreases the vulnerabilities that a snoop might try to exploit, and it ensures that the person you intended it for is the recipient.

If you have to send sensitive information into your office, hand it to them in person if you can. If you don't like a paper copy, encrypt your file on a thumb drive and hand that off in person. If it's something you don't have to send (e.g., things on the saucy end of the spectrum), you'd better have a lot of faith in the person you're sending to—or you're better off not sending it at all. After all, everyone has a camera or scanner these days, and if it's tempting enough, there's nothing to keep your recipient from spreading it around on the internet. Keep your private stuff close at hand and you'll never end up like [insert latest celebrity with a sex tape].


As we said before, these are only a few ways to securely send information over the internet, but there are countless others. If you have a favorite method that we didn't mention, share it with us in the comments.

Title image remixed from Mayer George Vladimirovich and mkabakov.

Number of comments

No comments: