When you share passwords, usernames, or other sensitive credentials, email is the weakest link in the chain. It’s not encrypted end to end, it can be forwarded without your control, and it often stores data indefinitely. That’s why we use a secure data-sharing platform such as PWPush.
Platforms like this allow you to safely send login information without exposing it directly. By creating an account, you also gain access to an audit log (to track who accessed what and when) and can add internal notes visible only to you.
Here’s how to send credentials securely:
- Use PWPush or a similar secure platform to send the password or username.
- Create an account if you haven’t already
- Set a passphrase lockdown on the secret before sharing it.
- Send the passphrase (to unlock the secret) and the login URL, if applicable, via a separate channel (phone, text, Slack, Teams, etc.).
- Send only the URL for the secret via email.
This approach keeps credentials protected, traceable, and compliant with good security hygiene.
Create new dedicated accounts when possible
Whenever possible, avoid handing over usernames and passwords for accounts your team already uses internally. Shared access might feel quick and convenient, but it usually turns into a headache: no clear ownership, no visibility into who did what, and no easy way to revoke access without breaking your own workflow.
Instead, create a dedicated account for us using the email address below:
This keeps things tidy on your side and transparent on ours. You maintain full control over your internal accounts, and we can work without stepping on anyone’s toes (or accidentally logging out someone else mid-task).
If the platform allows role-based access (admin, editor, viewer), choose the level that lets us do the job. There is no need to hand out the master keys unless absolutely necessary.
