Re: Secure communication of passwords

[Mike Osterman <ostermmg () WHITMAN EDU>]

Apart from this product (https://aboutlockify.com), which is still in beta for the Chrome App and Extension and private 
beta for accounts, a colleague of mine came across this site:
http://oneshar.es

While you have no way of knowing what they're going to do with the data (their claims: https://oneshar.es/about), it 
seems like they'd also need to have access to either your or the recipient's email to correlate what they have with 
what it goes with, provided you *only* put the credential in the site, separate from the service it corresponds to and 
the username.

-Mike

> On Jan 28, 2015, at 1:35 PM, Ric Getter <ric.getter () PCC EDU> wrote:
>
> I occasionally have to send a product license key to a user for a product I asked them to download initially as a 
> demo. At the recommendation of our security manager, I send these out in a separate email that simply says, "Your 
> license key," after informing the user to expect it. 
>
> I'll be interested in hearing other's answers.
>
> Ric
>
>
>
> Ric Getter
> Programmer/Analyst I - TSS Enterprise Applications Team
> Portland Community College - Sylvania
> 971-722-8036
>
>
> On Wed, Jan 28, 2015 at 1:26 PM, Thomas Carter <tcarter () austincollege edu <mailto:tcarter () austincollege edu>> 
> wrote:
> On occasion we need to communicate a password (with a possible username) with a user. This is generally for some 
> external system that doesn’t integrate into existing authentication mechanisms. Per our policy, we can’t send the 
> password via email and it shouldn’t be written down. We generally try to communicate it via a phone call if possible, 
> with a text message to a verified number as a backup. Unfortunately neither of these are convenient, so I wondered 
> what others are using for this task.
>
>  
>
> Thomas Carter
>
> Network and Operations Manager
>
> Austin College
>
> 903-813-2564 <tel:903-813-2564>
> <image001.gif>
>
>