Unless you have a photographic memory and can memorize hundreds of passwords, there is no “safe” way to keep passwords. As a rule, I don’t keep passwords for my clients. If they loose their password, they need to use the WordPress “Lost Password” feature. And frankly, it’s a good idea for them to update their passwords every now and then anyway.
Every client tells me that there is no reason for their site to be hacked, but the honest truth is that if you have a site – someone wants to hack you. That’s just the facts.
As a web developer, I often need to email my clients passwords. Instead of leaving passwords laying around in email, which is very insecure, I’ve started sending clients their passwords using onetimesecret.com. Once the client views the password, the link no longer works and this helps make their site a little safer.
Using the site is free and doesn’t require any login, although you can create a free account and get a few more options to make your passwords even safer.
Sure, using the site is somewhat of a hassle. Sometimes clients don’t realize that the link won’t be available later. But in the end, it’s a much bigger hassle to have your site hacked. An ounce of prevention and all that.
Have you used this service or another service like it? I’d love to hear about it.
Came across your article. I just wanted to let you know we have released an updated version of OTS called “Cloak” at https://www.cloak.sh. The current OTS project had packages software which had not been updated for a few years. We forked the project and updated the underlying software to bring the release to current standards. We have also included a collection to monitoring applications and tools as well to ensure everything meets expectations. Would appreciate any references or mentioned. Thanks!
Laura Hartwig says
Thanks! I’ll give it a try!