I sometimes break the protocol (because of the amount of work we do ;) ) and one day my lead very politely reminded me to follow the Security Protocol. He sent me an email saying, "Please do not send App IDs and Passwords in the same email." Then I realized and reset the password and sent it to the recipient as per the company standard.
The standard that we follow is:
1. Login IDs and passwords should be in separate emails.
2. Emails containing passwords should be marked Confidential.
3. Emails containing passwords should use the “To” line only, not the CC or BCC line.
4. Emails containing passwords should never use group email IDs as recipients.
5. Recipients should be individual email IDs only.
or alternately,
1. Put the login ID and password in a document (Word, Excel, PDF, etc.).
2. Encrypt the document with a password.
3. Send the document (marked confidential) to the recipient only in an email.
4. Send the password to the document via a separate email (marked confidential) to the recipient only, and follow steps 2 to 5 above.
This procedure will work in any company as a best practice for sharing passwords with others, but in any case find out what your company's protocol/standard is as well.
Below are sample email classifications and sensitivity types that are in use at different companies.
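Rules 1 to 5 of the first standard can be checked on a draft before it is sent. The following is an added example, not part of the original post: it assumes "marked Confidential" means the `Sensitivity` mail header, that group addresses come from a known list, and that credentials are labelled in the body; the addresses, labels and helper names are hypothetical.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Assumption: group/distribution addresses are known, e.g. from a directory export.
GROUP_ADDRESSES = {"app-support@example.com"}
# Assumption: credentials are labelled in the body ("Login ID:", "Password:").
ID_LABEL = re.compile(r"\b(login|user|app)[ _-]?(id|name)\b\s*[:=]", re.I)
PW_LABEL = re.compile(r"\b(password|passwd|pwd)\b\s*[:=]", re.I)


def check_password_email(msg: EmailMessage) -> list[str]:
    """Return the rules (numbered as in the standard) that the draft breaks."""
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    if not PW_LABEL.search(body):
        return []  # not a password email, so rules 2 to 5 do not apply
    problems = []
    if ID_LABEL.search(body):
        problems.append("1: login ID and password are in the same email")
    if "confidential" not in msg.get("Sensitivity", "").lower():
        problems.append("2: not marked Confidential")
    if msg.get_all("Cc") or msg.get_all("Bcc"):
        problems.append("3: uses CC or BCC")
    to = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if any(addr in GROUP_ADDRESSES for addr in to):
        problems.append("4/5: group address used as recipient")
    return problems


def draft(body, to, cc=None, sensitivity=None):
    """Build a constructed sample draft (no real credentials)."""
    msg = EmailMessage()
    msg["To"] = to
    if cc:
        msg["Cc"] = cc
    if sensitivity:
        msg["Sensitivity"] = sensitivity
    msg.set_content(body)
    return msg


# Constructed samples: one draft breaking every rule, one following the standard.
BAD = draft("Login ID: app01\nPassword: <placeholder>",
            "app-support@example.com", cc="lead@example.com")
GOOD = draft("Password: <placeholder>", "alice@example.com",
             sensitivity="Company-Confidential")

if __name__ == "__main__":
    for name, msg in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, check_password_email(msg) or "OK")
```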
Sample 1:
Sample 3:
Thanks, I hope it will help.