Skip to main content

Sendent for Outlook Plus/Premium users can improve their email security by sending passwords separately from share links. This article provides a guide on enabling and using this feature effectively.

Why send passwords separately

Separating passwords from share links in your emails creates a robust additional layer of security. Here’s how it works:

  • The first email contains only the Share URL.
  • A second email, sent from the same account, delivers the password to access the Share.

This approach increases the difficulty for potential attackers to obtain both the password and the content, thereby enhancing your overall security posture. However, it’s important to note that while this practice improves security, it doesn’t provide absolute prevention against data leaks.

The security principle behind it

This method leverages the principle of separating access components. By distributing the link and password across different emails, you create an additional step for accessing your shared content.

However, it’s crucial to understand that both emails still use the same communication channel (email), so this doesn’t constitute true two-factor authentication.

When to use Password Communication

This feature is particularly valuable when:

  1. Sharing sensitive documents or data
  2. Complying with data protection regulations
  3. Communicating with external partners or clients
  4. Transferring information in environments with elevated security concerns

Who benefits the most from Password Communication

Separate password communication is ideal for:

  1. Financial institutions handling sensitive client data
  2. Healthcare providers sharing confidential patient information
  3. Legal firms exchanging case-sensitive documents
  4. Government agencies managing classified information
  5. Businesses dealing with proprietary intellectual property

How to activate Password Communication

You can enable this feature primarily through the Sendent app for Nextcloud. Here’s how:

  1. Open the Administration settings page.
  2. Click on your user avatar or name in the top right corner of the Nextcloud interface and then click on the “Administration Settings” option.
  1. From the sidebar menu, click the “Sendent” option.
  1. Navigate to the group settings section and switch to Sendent for Outlook option.
  1. Under the General section, find the field named “Password Communication mode”. In this field, you can choose to include the password in the email body or send the password in a separate email.

If the password communication mode is set to “Send in separate email,” the default snippet for Share files and Public share will still include the password unless specifically adjusted to exclude it.

Locate the “Password communication snippet” and modify it to your desired format. This snippet will form the content of the separate password email and includes the password by default.

Modify the existing templates (Share Files snippet, Share Public Folder Snippet, and Secure Mail snippet) by removing the “{PASSWORD}” tag in these snippets.

Note: You may also use the WYSIWYG editor to enable Password Communication. In the WYSIWYG editor, the password is available by default in the templates. To activate the separate password feature, you need to delete the password from these templates.

Knowledge Base: How to Edit and Customize HTML Snippets Using the WYSIWYG Editor

Best practices for Password Communication

To maximize the effectiveness of this security feature:

  1. Use strong, unique passwords for each share. You can leverage Nextcloud’s password policy to enforce the use of strong passwords.
  2. Consider implementing a password rotation policy for long-term shares.
  3. Educate recipients about the two-email system to prevent confusion.
  4. Regularly review your organization’s security policies and adjust your use of this feature accordingly.

Remember, while sending passwords separately adds a layer of security, it’s just one part of a comprehensive security strategy. Always consider additional measures to protect sensitive information, such as encryption and secure file storage practices.

Leave a Reply