Occasionally it can become necessary to transmit confidential information (such as account user-names and passwords) to co-workers or family members via electronic means. Because of concerns related to account hacking and ghosting (ghosting being where a hacker compromises and then monitors a communications band such as e-mail looking for more credentials), some thought should be given to how we go about transmitting this information to others. As there are typically three vital pieces of information associated with any account (vendor name, user-name, password), it becomes important to refrain from using the same “communications band” to transmit all three bits of information for any given account. “Out of band” communication thus would be any communication mechanism other than your primary mechanism, or another besides the one you are already using. So if you are on the phone, transmit at least one piece of account info using a different method. Here are some further tips for consideration.
- Avoid using the same password at multiple vendors. Doing so can lead to multiple accounts being compromised at once.
- If you are conversing about a vendor’s logon over a voice line, one could verbally transmit the user-name while using another method to transmit the password (SMS text, Skype, Microsoft Teams, WhatsApp, etc.).
- If you are conversing via text message (or other program) and have already referenced the user-name, one could verbally transmit or use an alternate application (Voice, WhatsApp, MS Teams, etc.) to transmit the password.
- Consider deleting historical records of password transmissions (text messages or e-mails containing this information). Should a person’s phone or e-mail become compromised, we wouldn’t want this information in plain text (allowing anyone with access the ability to search through our records).
Utilizing the concept of “out of band” communication when transmitting multiple pieces of sensitive information gets easier with practice, but unfortunately is a must given current Internet security concerns. I am aware of at least one recent example where a mailbox was compromised and the hacker searched the mailbox for other user/pass combos. Thus keeping all three pieces of this vendor information together in clear text in one’s Outlook could cause major trouble if an account became subject to ghosting for example. Storing this information securely in a well-engineered application designed specifically for this purpose (such as LastPass, Dashlane, Keeper, or Passportal) is becoming essential. Feel free to call us for more information if you would like to begin using such a system at your business.