This doc explains one of the methods we recommend for sharing secrets safely, with the caveat that the safety is neither absolute nor guaranteed.
Don’t forget that sharing secrets is dangerous even if sometimes necessary.
In Person #
Sharing secrets in person is a pretty safe way to do it, as long as you take minimal precautions.
- Make sure nobody is looking over your shoulder when you’re entering a password.
- Don’t say passwords or other secrets out loud.
- Avoid public spaces.
- Avoid public wifi hotspots or use VPNs and other measures to mitigate the risks.
- And so forth…
If you sit down with one of our team members in person to meet or work collaboratively, you can share secrets with us directly and we will immediately add the secrets to our password manager. Having no technical intermediary significantly reduces risk as long as we’re all cautious when actually sharing the secrets.
Voice Calls or Video Conferences #
Sharing secrets while on a call is less secure than a truly in-person session. But if it’s unavoidable, you should be even more cautious about it.
- Use an encrypted voice or video call.
- Avoid using a phone, as they usually aren’t encrypted.
- Avoid sharing the secrets out loud, especially if you’re in a public space.
- Don’t record the conversation and ask the other parties not to record them as well. You can never guarantee that a digital conversation won’t be recorded, but you can reduce the likelihood but simply disabling the built-in recording mechanisms.