More secure password communication
Our vendor needs some access to our test server, and thus we send them email with username/password (i think it's unencrypted). What is the most unintrusive way to bump up开发者_如何学Go the security level?
Thanks
Call them on the telephone.
Send the two parts with separate communication channels.
Use a combination of any two of the following.
Voice phone call.
Fax.
Snail Mail.
Encrypted Email.
Separate channels makes it very hard to reconstruct the credentials.
Depending a the level of security you're going for. It's usually inversely proportional to convenience. So here are some in order of least secure.
- Zip file with password protection (winzip)
- If you're both using Windows send them the information in locknote.exe. It's very easy and the security in the code is very tight. ( http://www.steganos.com/us/products/for-free/locknote/overview/ )
- Get their public key and have them SCP to your server to pick up the password file.
- Setup encrypted email and either send them your key or setup your public key on a public key server.
These are just some thoughts off the top of my head.
Call them, especially if you already know their voice. A more traditional solution (that requires some setup) is GPG.
精彩评论