More secure password communication

Our vendor needs some access to our test server, and thus we send them email with username/password (i think it's unencrypted). What is the most unintrusive way to bump up开发者_如何学Go the security level?

Thanks

Call them on the telephone.

Send the two parts with separate communication channels.

Use a combination of any two of the following.

• Voice phone call.

• Fax.

• Snail Mail.

• Encrypted Email.

Separate channels makes it very hard to reconstruct the credentials.

Depending a the level of security you're going for. It's usually inversely proportional to convenience. So here are some in order of least secure.

1. Zip file with password protection (winzip)
2. If you're both using Windows send them the information in locknote.exe. It's very easy and the security in the code is very tight. ( http://www.steganos.com/us/products/for-free/locknote/overview/ )
3. Get their public key and have them SCP to your server to pick up the password file.
4. Setup encrypted email and either send them your key or setup your public key on a public key server.

These are just some thoughts off the top of my head.

Call them, especially if you already know their voice. A more traditional solution (that requires some setup) is GPG.