The Salt Lake ColdFusion Users Group Message Board › Talk › More on Password Security
Matthew Reinbold

I had previously talked about password security with cloud computing and how they can be badly compromised.

Over the holidays there was another nasty example, this time featuring a Nigerian that was able to exploit 'a weak edge' to gain access to web hosted email. From these emails they were able to find passwords that gave them control of the main corporate account: http://www.businessin...

This hit home with me. As I hire a number of people on a project-by-project basis, I'm oftentimes emailing out sensitive information like passwords, server IPs, etc. so that contractors can get their work done.

This has made me rethink things. For example, I strongly think I need to delete my Gmail archives and keep all of the sensitive client data local (while having everything properly backed up, of course, in case of crash or corruption).

However, I'm not sure what the bigger answer is for sharing that info. What would be ideal would be if telegrams were still around (crazy, no?). When a contractor needed access I could wire over the information and have the paper form delivered - all the speed of the digital age with the security of the 1800s. Unfortunately, the last telegram sent was in 2006.

I could just plan ahead and snail mail a letter. However, I often use help in South Dakota and mail often takes a week to get there. That's quite a delay for a developer who just needs to hop on a 2-hour project for some updates.

How do you share passwords among disparate teams? Is there a solution that doesn't mean passwords sitting in a web account somewhere but is at least somewhat speedy?

Matthew Reinbold
Creative Principal, Vox Pop Design, http://voxpopdesign.c...
Mel

Maybe give PGP or some other encryption service for your emails a try? Looks like there are some freeware versions of PGP out there.

My only other thought is a portal that your users could log in to for that info or a shared Google Doc, but that comes back to passwords stored in a cloud...
Matthew Reinbold

The problem is with keeping passwords anywhere 'in the cloud' - or even web based email. Sure, I could employ PGP... but maybe one of my contractors doesn't. If they're compromised then the client information for services, FTP, etc. is now compromised. Similar problem for a portal - I can lock all sensitive data inside a portal of my own making... and then send out the password for that to everyone via email.

However, perhaps having a secure portal for all sensitive data and sending out the access, one time, via conventional mail might work. Allowing for password updates via email (or similar process) would be out. Perhaps...

Matthew Reinbold
Creative Principal, Vox Pop Design, http://voxpopdesign.c...