I have a pdf that I want to send someone by email. I know how to encrypt the pdf. In the past I have simply sent the password in a separate email, thinking that the password was not in the email with the attachment so I was okay. Now I am thinking that I was naive. What say you? Is that method reasonably secure?
Just giving this one hopeful bump.
No, that method is not very secure. A less bad method would be to send it to another email account. Much better would be to use a different mode of transmission all together, such as phone, fax or snail mail.
I’m not exactly a security expert, but my two cents is that it really depends on how secure you need it, e.g., will civilization collapse if the pdf falls into the wrong hands?
It’s obviously better than sending the password along with the pdf, but for very sensitive applications it’s generally not considered a good idea to send a cleartext password in email. If your first email was intercepted, what’s to keep your second email from also being intercepted?
Is it possible to text message the password to the recipient? Or some other “out of band” method of sending it. I would consider this method fairly safe.
It’s definitely not a good idea to use the same communication channel for the password. If you don’t have another channel available such as SMS, you could set the password to be something the other person should know but is not likely to be known by anyone else. Then just give a hint, the same way Internet sites use security questions.
For the future, download a decent public key encryption program such as GPG4USB and use that instead.