One of the things my clients hear from me all the time is to never, ever send me their passwords in an email. In light of the recent data breach of 16 BILLION login accounts, a password sitting in an email could easily lead to a chain reaction where your email gets hacked… and then so do your other accounts, one by one. Here’s why you don’t send passwords in email:
- Emails are not end-to-end encrypted by default
  Most email services don’t use end-to-end encryption, which means your password could be read by anyone who intercepts the message while it’s being transmitted or stored on a mail server.
- Emails linger indefinitely
  Once you send a password via email, it may sit in the recipient’s inbox for years — searchable, copyable, and potentially readable by anyone who gains access to their account.
- Email accounts can get hacked
  If a hacker gets into your recipient’s inbox or your sent mail folder, they can search for sensitive terms like “password” and instantly find your credentials.
- Accidental forwarding or reply chains
  It’s easy for a password in an email to be forwarded by mistake, included in a long reply chain, or shared with someone it wasn’t intended for.
So don’t. Not even just that short note over to your colleague who needs to get into something real quick. No. Just no. Don’t do it.
Optimally, to share a password, you’d use a secure password manager that can share login information without actually sharing the password itself, such as Dashlane. But that can take some time to set up.
A faster solution is pwpush.com. This service creates a one-time link that self-destructs after a set number of views or a time limit. This limits the exposure window and prevents the password from being stored in an insecure location long-term. So even if someone gets into your email and starts digging around, the actual password is long gone.
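To make "self-destructs after a set number of views or a time limit" concrete, here is a small in-memory sketch of that behaviour. It is an added example, not pwpush.com's code or API; the class, function names and sample password are made up for illustration, and a real service would also encrypt what it stores.

```python
import secrets
import time


class ExpiringSecretStore:
    """Hypothetical sketch: a link that dies after N views or a time limit."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so expiry can be tested
        self._items = {}             # token -> [secret, views_left, deadline]

    def push(self, secret, max_views=1, ttl_seconds=3600):
        if max_views < 1 or ttl_seconds <= 0:
            raise ValueError("max_views and ttl_seconds must be positive")
        token = secrets.token_urlsafe(32)   # unguessable part of the link
        self._items[token] = [secret, max_views, self._clock() + ttl_seconds]
        return token

    def fetch(self, token):
        """Return the secret, or None if the link is unknown, used up or expired."""
        item = self._items.get(token)
        if item is None:
            return None
        secret, views_left, deadline = item
        if self._clock() >= deadline:
            del self._items[token]          # time limit hit: delete, don't serve
            return None
        if views_left == 1:
            del self._items[token]          # last allowed view: delete the secret
        else:
            item[1] = views_left - 1
        return secret


def demo():
    now = [0.0]                              # constructed fake clock, in seconds
    store = ExpiringSecretStore(clock=lambda: now[0])
    one_shot = store.push("constructed-example-pw", max_views=1, ttl_seconds=600)
    first = store.fetch(one_shot)            # recipient opens the link
    second = store.fetch(one_shot)           # someone finds the link in email later
    timed = store.push("constructed-example-pw", max_views=5, ttl_seconds=600)
    now[0] = 601.0                           # the time limit passes unopened
    late = store.fetch(timed)
    return first, second, late


if __name__ == "__main__":
    print(demo())
```

The second fetch is the case that matters: the link is still sitting in the email, but there is nothing left behind it to read.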