It’s 2021, for heaven’s sakes — why are we still sending passwords for services in emails?

Most of the big players, such as Slack, offer “automagical” logins with a one-time link sent to your email, and Google sends security alerts when someone logs in to one of your accounts. Most web-based services will also send you a first-time link to set up your account.

But why is your IT team sending credentials in plain text?

I mean, sure, TLS prevents on-the-wire snooping, but there are arguments about whether that’s enough. And until easy PGP implementations are baked into Outlook, we can be sure people will continue to use unencrypted email.

One solution I found was to use a self-destructing note server.

https://github.com/atoponce/d-note/blob/master/INSTALL.md

This one leverages Flask / Python and can be set up in a few minutes.

This is a great, easy way to send sensitive credentials.
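
The read-once behaviour that makes a note "self-destructing", as an added example that is not d-note's code and not from the original post. The `NoteStore` class, its method names and the lifetime values are assumptions, and encryption of the stored note is left out.

```python
import hashlib
import secrets
import time


class NoteStore:
    """In-memory read-once note store (constructed example, not d-note's code)."""

    def __init__(self, ttl_seconds=3600, clock=time.time):
        self.ttl = ttl_seconds          # assumed lifetime for uncollected notes
        self.clock = clock              # injectable so expiry can be tested
        self._notes = {}                # sha256(token) -> (expires_at, text)

    @staticmethod
    def _key(token):
        # Index by hash: a leaked index cannot be turned back into a working link.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, text):
        """Store a note and return the unguessable token for the one-time link."""
        token = secrets.token_urlsafe(32)
        self._notes[self._key(token)] = (self.clock() + self.ttl, text)
        return token

    def read_once(self, token):
        """Return the note and destroy it; None if unknown, expired or already read."""
        # pop() removes the entry before it is returned, so a second request
        # with the same link finds nothing.
        entry = self._notes.pop(self._key(token), None)
        if entry is None:
            return None
        expires_at, text = entry
        if self.clock() >= expires_at:
            return None                 # expired notes are dropped, never shown
        return text

    def purge_expired(self):
        """Delete notes nobody collected; returns the number removed."""
        now = self.clock()
        stale = [k for k, (exp, _) in self._notes.items() if now >= exp]
        for k in stale:
            del self._notes[k]
        return len(stale)
```

If the intended recipient opens the link and the note is already gone, someone else read it first, and the credential should be rotated.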
