I’ve always tried to separate passwords from emails containing a username and/or password-protected document. When you send a password in the same email as a username and/or password-protected document, your “security” is useless. Even if you send the password in a separate email, it takes the same data path, has the same data source, and has the same data destination. If that email or those emails are intercepted, or someone views the source and/or destination, that username and/or password-protected document is not secure.
I strongly believe in out-of-band communication. This means you separate the username and/or password-protected document by sending the PASSWORD VIA A COMPLETELY SEPARATE PATH, WITH THE SOURCES AND DESTINATIONS BEING SEPARATE FROM THE SOURCES AND DESTINATIONS OF THE USERNAME AND/OR PASSWORD-PROTECTED DOCUMENT. Here is what I do:
1. Send the username and/or password-protected document via email. Let the end user know you’ll be sending the password via cell phone text message. If someone intercepts the email, looks at your sent items, or accesses their inbox, they won’t have the password.
2. Send the password from your cell phone to their cell phone via text message with nothing else in the message. Just send the password.
What this does is completely separate the username and/or password-protected document from the password by using two completely separate paths, sources, and destinations. It also requires both you (the source) and the other person (the destination) to have 2 pieces of the puzzle to put together. With only 1 piece of the puzzle, it’s pretty useless.
Sure, someone can get the email and then grab your cell phone, but the more difficult you make it for someone, the harder it is. I also believe in having a locked cell phone when you are not viewing the screen.
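One way to prepare the two pieces for the two steps above, as an added example that is not from the original post. It assumes OpenSSL 1.1.1 or later, uses `openssl enc` as a stand-in for whatever tool produces the password-protected document, and all function and file names are hypothetical.

```shell
# Added example: build the "email piece" and the "text message piece" separately.
# Assumes OpenSSL 1.1.1+; function names are hypothetical, not from the post.

# Piece 2 (text message): 20 random characters from an alphabet without
# look-alikes (0/O, 1/l/I), so it is easy to retype from a phone screen.
# Filtering uniform base64 output is rejection sampling, so the result
# stays uniform over the 54 remaining symbols (about 115 bits).
gen_passphrase() {
    openssl rand -base64 96 \
        | tr -dc 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789' \
        | head -c 20
}

# Piece 1 (email attachment): encrypt file $1 into $2 using passphrase $3.
# The passphrase is fed on stdin by the shell's builtin printf, so it never
# appears in a process argument list and is never written next to the file.
# Note: `openssl enc` with CBC gives confidentiality only, not integrity.
encrypt_doc() {
    printf '%s\n' "$3" | openssl enc -aes-256-cbc -pbkdf2 -iter 600000 -salt \
        -in "$1" -out "$2" -pass stdin
}

# Recipient side: needs BOTH pieces, the attachment ($1) and the passphrase ($3).
decrypt_doc() {
    printf '%s\n' "$3" | openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
        -in "$1" -out "$2" -pass stdin
}

# Sanity check before sending: the email piece must not contain the passphrase.
# Returns 0 (true) when the passphrase is absent from file $1.
email_piece_is_clean() {
    ! grep -qF -- "$2" "$1"
}

# Typical flow (file names are placeholders):
#   pass=$(gen_passphrase)
#   encrypt_doc report.pdf report.pdf.enc "$pass"
#   email_piece_is_clean report.pdf.enc "$pass" && echo "attach report.pdf.enc"
#   # then type "$pass", and nothing else, into the text message
```

Generate a fresh passphrase for every document so that a text message read later does not open earlier attachments.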