Send Secure Info Over the Internet

Michael Spector (and yes, he's my brother) asked how to safely email passwords, account numbers, and other sensitive information.

You can't trust Internet email with potentially compromising information, such as your credit card or account numbers, social security numbers, or important passwords. As your message moves from one server to another, several people have the opportunity to read it.

So what should you do when you have to get sensitive information to someone, and snailmail just isn't fast enough? I'll give you several solutions.

Whatever option you pick, see "What Is the Best Way to Create Strong Passwords?" And if you have to share the password with the recipient, use the phone--just to be safe.

Public/Private Key Encryption: This elegant solution is supported by several programs, including Outlook 2007. The public key can encrypt but not decrypt, so you can safely share it with anyone. You keep the private key, which does the decrypting, to yourself.

Unfortunately, both the sender and the recipient must set up this type of encryption, and it's not easy for the less technically inclined. That makes this a good choice in a business environment where everyone has an IT department, but not for occasional, personal communication.

Password-Protected .Zip Files: Depending on what software you use to create compressed .zip archives, you may or may not have an option to password-protect the files inside it. And that option may or may not support high-quality AES encryption.

Don't go this route if your program doesn't support AES. The .zip format's standard password protection is easy to crack.

Luckily, many third-party .zip programs support AES encryption, and they're compatible with each other. These include industry leader WinZip, and the free, open-source 7-Zip. Whatever program you use, make sure you pick the AES option when you compress and encrypt your files.

Unfortunately, Windows' built-in .zip tool doesn't support AES, so you can't simply assume that your recipient will be able to open your archive. If they don't have a compression program that supports AES .zips, don't want to install one, or don't know what you're talking about, this isn't your option.
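
One way to confirm that an archive really was encrypted with AES before you send it, shown as an added example that is not part of the original article: this Python script reads each file's directory record in the .zip and reports whether it carries the AES marker that WinZip and 7-Zip write, or only the older standard password protection. The function names and the sample archive are constructed for illustration.

```python
import io, struct, sys, zipfile

AES_EXTRA_ID = 0x9901   # extra-field ID of a WinZip-style AES record
AES_METHOD = 99         # "compression method" value that marks an AES entry
AES_BITS = {1: 128, 2: 192, 3: 256}
# Constructed AES record: version 2, vendor "AE", strength 3, real method 8.
SAMPLE_AES_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)

def entry_protection(info):
    """Classify one member from its central-directory record."""
    if not info.flag_bits & 0x1:            # bit 0 set = entry is encrypted
        return "none"
    extra = info.extra
    while len(extra) >= 4:                  # walk the (id, size, data) records
        field_id, size = struct.unpack("<HH", extra[:4])
        data = extra[4:4 + size]
        if (field_id == AES_EXTRA_ID and info.compress_type == AES_METHOD
                and len(data) >= 7 and data[4] in AES_BITS):
            return "AES-%d" % AES_BITS[data[4]]
        extra = extra[4 + size:]
    if info.flag_bits & 0x40 or info.compress_type == AES_METHOD:
        return "unrecognized"               # some other or malformed scheme
    return "legacy ZipCrypto"

def audit(archive):
    """Map member name -> protection; archive is a path or a file object."""
    with zipfile.ZipFile(archive) as zf:
        return {i.filename: entry_protection(i)
                for i in zf.infolist() if not i.is_dir()}

def safe_to_send(archive):
    """True only if the archive has files and every one is AES-encrypted."""
    report = audit(archive)
    return bool(report) and all(v.startswith("AES-") for v in report.values())

def constructed_sample(flags, method, extra=b""):
    """Constructed input: one-file zip patched to look encrypted (dummy payload)."""
    buf = io.BytesIO()
    info = zipfile.ZipInfo("accounts.txt")
    info.extra = extra
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"dummy")
    raw = bytearray(buf.getvalue())
    pos = raw.rfind(b"PK\x01\x02")          # central-directory file header
    raw[pos + 8:pos + 12] = struct.pack("<HH", flags, method)
    return io.BytesIO(bytes(raw))

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, audit(path), "OK" if safe_to_send(path) else "DO NOT SEND")
```

Run it with the archive's path as the argument. It never needs the password, because the encryption type is recorded in the archive's unencrypted directory.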

Secure Message and File-Sending Services: You don't have to actually email your private information. You can upload it to a secure web site, and let the recipient download.

I'm recommending one service in particular: Send. (the period is part of the company name). It's free, and you don't even have to share your password with the recipient. Each person has their own private password.

When you post a message on Send., the site emails a notice to the recipient, who will need their own free Send. account to access your message.

There's a slight chance that a criminal will intercept that first email and create the account before the legitimate recipient does. To avoid this, send an initial message with nothing confidential in it. That way, the recipient will be safely signed up, with their own, hopefully strong password, before you send them something important.

Add your comments to this article below. If you have other tech questions, email them to me at answer@pcworld.com, or post them to a community of helpful folks on the PCW Answer Line forum.
