Quite regularly, we ask current or potential clients to send us various server, website, FTP, and other online account passwords necessary for us to provide the consulting services requested. However, we do NOT recommend ever sending passwords via email (unless for some reason the password is specifically temporary in nature). Instead, here is how we prefer to receive them:
There is a great online utility here: https://dead-drop.me/.
For example: Lets say your site is xyz.com, and you want to send us your server credentials as well as Joomla super-admin credentials. Well, you'd first email us and let us know it's coming. Then, you'd copy/paste all of that info into the dead-drop box, such as:
username1 | password1 username2 | password2
You'd then click the "Make the drop!" button, copy/paste the dead-drop secret URL info, and email that to us. We could then retrieve it, and you'd have shared nothing anyone could ever use to hack your site or server.
This is handy not only for us, but for you as well. And, remember, anytime you actually email a password to anyone, that creates TWO new copies of it -- one in your email and one in the recipient email. So, if *either* of those email accounts ever gets hacked, the password-protected site could get hacked too. That's why we do it this way instead.