So that your web designer can work on your website, you'll need to give them access to some of your online accounts. These could be accounts for your website, web host, domain registrar, email marketing system, etc. Many people put the username and password into an email and send it to their web designer. Unfortunately, this is a dangerous way to give access! Let's see why, and what to do instead.
Note: In this post I use "web designer" to refer to any person or company outside your business who’s managing your website-related accounts, which could be an agency or freelancer, and could be a designer, developer, online marketer, etc.
Note: This page contains affiliate links. Please see Affiliate Disclosure.
When you send an email, it travels through multiple servers owned by different organizations in different parts of the country or world. Some email service providers will encrypt some portion of the path your email takes, making it unreadable to others. But in many cases, an email is unencrypted during a portion of its path, because not all email service providers cooperate in encrypting email. During those times it's unencrypted, it could be intercepted and read by anyone with access to that network. Sadly, I saw this happen to a family member who sent credit card details by email, then suffered fraudulent charges.
Also, any of the servers your email travels through could save a copy of the email for days, weeks, or years. Most email service providers can read the email on their servers. This helps them process email, but it also means emails can be read by rogue employees, hackers who get into the email service, or governments.
Some people are more comfortable sending passwords by text message. Unfortunately, text messaging (SMS) is not a secure communication method; it has many of the same problems as email.
If you shouldn't send passwords by email or text message, how should you send them?
First, ask yourself whether you actually need to send a password. Many online accounts allow you to add users. For example, if you have a WordPress website, you can create a new account which has its own password. That way, you don't need to give your WordPress password to your web designer.
If creating a separate account isn't an option, and you must share your password, consider using a password manager. If you and your web designer both use the same password manager, you may be able to share your password through it. For example, LastPass makes it easy to share passwords with other LastPass users.
If neither of the above options works, you can use a secure messenger, which I'll cover next.
If you and your web designer both use Apple devices (Mac, iPhone, iPad, Apple Watch, etc.), you can use Apple’s iMessage system, which powers its Messages app. Messages sent to other Apple devices are end-to-end encrypted, so they can't be read by others. (Apple can read your messages in iCloud if you have iCloud Backup enabled.)
If you and your web designer both have the Facebook Messenger app installed, you can enable Secret Conversations to end-to-end encrypt your messages. It's only available if you're both using the Facebook Messenger app, not Facebook Messenger in a web browser.
If you and your web designer both have WhatsApp installed, you can use it for end-to-end encrypted messaging.
If you or your web designer don't both have any of the above, you can both agree to use one, or, if you don't want to do that, you can use PrivateBin. It’s a web-based tool that allows you to send text with end-to-end encryption. You enter your password in the Editor, then choose your options at the top of the screen. I recommend setting an expiration, enabling the Burn after reading option (which causes the text to self-destruct after it’s read), and setting a password. Then, click Send.
It will give you a link you can send to your web designer by email, text message, or any way you'd like. Be sure to send the password through a different channel than you use to send the link. For example, if you send the link by email, then send the password by text message. That makes it less likely that someone will intercept both.
Does your web designer or web agency treat your confidential data casually? Do you want a web agency that helps, rather than hurts, your security? At OptimWise, we work hard to secure our clients' data and websites. Contact us today!