UVM IT hosts an instance of Password Pusher, an open-source service which allows for the secure sending of sensitive information such as passwords and recovery keys.
Rather than sending such information across a system like email, Password Pusher allows for the generation of unique, randomly-generated browser links which display the password on opening. These links will delete automatically after a certain number of days or after a certain number of views – whichever comes first.
Why should you use Password Pusher?
Emailing passwords is inherently insecure. The greatest risks include:
- Emailed passwords are usually sent with context to what they go to or can potentially be derived from email username, domain, etc.
- Email is inherently insecure and can be intercepted at multiple points by malicious entities.
- Emailed passwords live in perpetuity (read: forever) in email archives
- Passwords in email can be retrieved and used later on if an email account is stolen, cracked, etc.
Sending a Password using Password Pusher
An expired Password Pusher link must be recreated and sent again
After a password link expires, it is deleted from the Password Pusher system. Be sure to communicate the limited lifetime of the link.
- Visit go.uvm.edu/pwpush.
- Type in the password that you’d like to send
- Set the expiration conditions – you can set both the maximum number of views or the maximum amount of time before the password is deleted
- Click Push it! to generate the password link
- Copy the password link from the box or by clicking on the Copy to Clipboard button
- Send the link to the recipient