Stop Emailing Passwords. Seriously, Stop.
Your team is probably sharing credentials the worst way possible here's what to do instead.
It happens every day. Someone on your team needs to share a login with a colleague, so they type the password into an email, hit send, and move on with their day.
That one email just became a ticking time bomb sitting in two inboxes, fully readable by anyone who gains access to either account β now or years from now.
At MSPE, we see this constantly across the businesses we work with. It's one of the easiest security problems to fix, yet one of the most ignored.
Why Sending Passwords in Plain Text Is a Terrible Idea
1. Emails Are Not Private Vaults π΅οΈ
An email with a password in it doesn't just live in the recipient's inbox. It sits in your sent folder, their inbox, potentially on a mail server backup, and in any forwarded threads. That's multiple copies of a credential floating around with zero expiry and zero protection. It's the digital equivalent of taping your house key to the front door.
2. Anyone on the Network Could Be Watching π
Emails β especially those sent without TLS enforcement β can be intercepted in transit. Even within a corporate network, unencrypted email traffic can be sniffed by anyone with the right tools and the wrong intentions. Your password becomes everyone's password.
3. One Compromised Inbox Unlocks Everything π
If an attacker gains access to just one mailbox through phishing or credential stuffing, every password ever shared via email in that account is now compromised. They don't even need to hack anything else β you've handed them the keys in a neatly searchable archive.
The Fix: Use a Password Manager
There's no reason to take this risk when better tools exist. A proper password manager gives your team a secure, encrypted way to store, generate, and share credentials β without ever exposing them in an email or chat message.
Here's what a good password manager does for you:
Encrypted sharing. Instead of pasting a password into an email, you share it through an encrypted channel. Only the intended recipient can access it β not your email provider, not an attacker on the network, not someone digging through old inboxes.
One-time secure links. Most enterprise-grade password managers let you send a credential via a link that expires after a single view. Once it's seen, it's gone. No lingering copies, no searchable trail.
Auto-generated strong passwords. Your team stops reusing "Company2026!" across twelve platforms. The manager generates unique, complex passwords for every account β and remembers them so your team doesn't have to.
Centralized control. When someone leaves the company, you revoke their access in one place. No more wondering which passwords they still know or which sticky notes they took home.
What You Should Tell Your Team Today
Roll out one simple rule: never put a password in an email, a Slack message, a Teams chat, or a text. If you need to share a credential, use your password manager's secure sharing feature β every time, no exceptions.
This isn't about being paranoid. It's about closing one of the most common and most preventable attack vectors that exists.
Not Sure Which Password Manager Is Right for You?
That's exactly where MSPE comes in. We don't push one product on every client. We assess your team size, your workflow, your compliance requirements, and your budget β then recommend the password manager that actually fits. Whether you need something lightweight for a 10-person office or a full enterprise vault with role-based access controls, we'll find the right tool and set it up properly.
Because the best password manager is the one your team will actually use.
Ready to stop passwords from floating around in your inbox? Reach out at info@mspe.pro β we'll get you sorted.
MSPE β Unlocking the Power of Choice. Managed IT & Cybersecurity Services for SMBs, Schools, Law Firms & Charities.
