Best Practices
In terms of the security of communicating sensitive information, each system and channel used to communicate sensitive information introduces a potential security risk, whether perceived or actual.
Rather than sharing sensitive information through WhatsApp, company chat systems, or email—where logs and backups can persist indefinitely—it’s best to manage the information’s lifecycle directly.
This is the idea behind Password Pusher: instead of sending the sensitive information directly, send a secret push URL where you can monitor access logs and after a set duration or views, the sensitive information is deleted entirely (and automatically).
To best use Password Pusher securely and effectively, we recommend these best practices to further mitigate risk.
These methods are intended to help safeguard sensitive information, reduce risk, and mitigate unauthorized access.
General Best Practices
Compartmentalization
Assuming that you are using strong passwords, an individual password only has value with the corresponding username and login location. Security is improved even greater with second layer security strategies such as periodic password resets, two-factor authentication and hardware keys.
A password alone is of little value if the attacker doesn’t know where and with what username it applies to.
- When sending credentials, never send all components of a login together. Send usernames, passwords & login locations in different pushes.
Tip: Security is further improved if you utilize two-factor authentication and periodic password resets in your company security policy.
Short Expiration Times
Pushes (and Requests) should only be accessible as long as necessary to minimize exposure risk:
- Use short expiration windows. Use the shortest duration or view count feasible. Less than a day duration and a single view are recommended when possible.
Passphrase Lock-down
The passphrase lock-down feature adds another level of security to your pushes.
By using this feature, the receiving party is required to enter a passphrase to view the push contents. Even a simple passphrase is better than not using one at all.
As an example scenario, you can create a push and send the push secret URL securely via DM in company chat. Separately, you can call the user on the phone to communicate the passphrase needed to access the URL.
Through this whole process you can monitor the audit logs to view accesses, passphrase attempts and final deletion.
Multi-Channel Communication
Utilizing multiple channels for sharing the push secret URL and the passphrase minimizes the risk if one channel is compromised:
- Share the URL and Passphrase Separately: Use one secure channel to share the secret URL (e.g., company chat DM) and another to share the passphrase (e.g., SMS or a phone call).
Whenever possible, use encrypted communication channels.
Applications like WhatsApp, Facebook Messenger and company gateways (and many others) often use bots with the intention to scan URLs for malicious content but instead find your sensitive information.
In these cases, use the 1-click retrieval step to protect your pushes from passive bot scanning.
Audit Logs
Audit logs provide a full lifecycle view into your pushes. They show creation, views, passphrase access and expiration.
- Periodically monitor your push audit logs for access and proper expiration.
Audit logs give you insight into the security of your sensitive payload that you wouldn’t have without a push. If you see unauthorized access, preemptively expire the push, change the credentials and start over.
Allow Immediate Deletion
This options allows recipients to immediately expire the push (and delete the contents) after retrieval and is a good option to further mitigate risk by lowering the exposure window.
Manual Expiration
Pushes will automatically expire and their content deleted once expiration limits are reached but you can also preemptively expire pushes to further mitigate risk.
Once you know that a push is no longer deleted, expire the push from your dashboard and all sensitive information for that push is deleted entirely and immediately.
Other
The above are some simple steps to follow to mitigate risk at your organization.
Beyond these specifics to Password Pusher, other steps can be taken at your organization to further increase security:
- Require a password change on first login and periodically after that
- Monitor access logs and granted permissions.
- Use two-factor authentication
- and more.
The Password Pusher community is an extremely intelligent group so I’m sure I am just lecturing about things you already know at this point. :-)