5 Things You Should Never Send in Plain Text

We send hundreds of messages every day. Texts, emails, Slack messages, DMs — it's become so automatic that we rarely stop to think about security.

But some information should never travel as plain text through chat apps, email, or SMS. A single careless message can lead to devastating consequences that take months or years to undo.

1. Passwords & Login Credentials

"Just text me the password" — the most dangerous sentence in digital communication.

According to the 2024 Verizon Data Breach Investigations Report, 81% of hacking-related breaches involved stolen or weak credentials. And yet, millions of people send passwords through messaging apps every single day.

Why this is a disaster waiting to happen

• Chat history is forever. Even if you delete the message, it remains on the recipient's device, in cloud backups, and on servers.
• Search makes it instant. Anyone with access to the device can search "password" and find everything.
• Screenshots are uncontrollable. The moment you hit send, you lose all control.
• One stolen phone = total exposure. Every password ever shared in that conversation is compromised.

In 2023, EA Games lost 780GB of source code after hackers obtained login credentials that had been shared in a Slack channel. A "secure" company messenger wasn't secure enough.

2. Credit Card Numbers & Financial Information

"I'll just send you my card number this one time" — famous last words.

That one message becomes a permanent record. Chat logs are backed up to the cloud, synced across devices, and available to anyone who gains access to the account.

The numbers are alarming

The FBI's Internet Crime Complaint Center reported $12.5 billion in losses from internet crime in 2023, with credit card fraud among the top categories. A 16-digit card number, a 3-digit CVC, and an expiration date — that's all someone needs for online purchases.

In 2023, a UK-based company discovered that employees had been sharing corporate credit card details via WhatsApp for years. When one employee's phone was compromised, every card number was exposed at once.

3. Social Security & Government ID Numbers

Social Security numbers, passport numbers, driver's license numbers — these identifiers cannot be changed once compromised.

Identity theft from leaked government IDs is one of the fastest-growing crimes worldwide. The FTC received 5.4 million identity theft and fraud reports in 2023. A stolen Social Security number can be used to open bank accounts, apply for loans, file fraudulent tax returns, and more.

The permanent damage

• Passwords can be reset. Your Social Security number is for life.
• Recovery takes an average of 6 months and 200+ hours of effort.
• Victims spend years monitoring their credit and disputing fraudulent charges.

Yet people routinely text these numbers to family members, accountants, and landlords without a second thought.

4. Medical & Health Information

Test results, prescriptions, insurance details, diagnoses — medical information is among the most sensitive data that exists.

In many countries, sharing medical information through insecure channels is actually illegal. HIPAA in the US imposes fines up to $1.5 million per violation category per year. The EU's GDPR classifies health data as a "special category" requiring explicit consent and enhanced protection.

Why medical data leaks hit different

• Health insurance denials based on pre-existing conditions
• Employment discrimination
• Social stigma and damaged relationships
• The information is irreversible — you can't "un-know" someone's diagnosis

In 2024, a US healthcare provider was fined $1.3 million after staff members were found sharing patient information through standard text messages. Convenience came at a devastating cost.

5. Business Secrets & API Keys

Source code, API keys, internal documents, client data — the intellectual property that keeps businesses running.

GitGuardian's 2024 State of Secrets Sprawl report found over 12 million leaked secrets in public GitHub repositories alone. But the secrets shared via messenger and email remain uncounted — and potentially even more dangerous.

The cost of a single leak

• A leaked AWS API key has been known to generate $50,000+ in unauthorized charges within hours.
• Uber suffered a massive breach in 2022 after credentials were compromised through internal Slack messages.
• One exposed API key can provide access to your entire infrastructure, customer database, and financial systems.

What to Do Instead

For every type of sensitive information, there's a safer alternative:

Information Type	Secure Alternative
Passwords	Password-protected links (LOCK.PUB memo feature)
Financial info	Encrypted channels or in-person delivery
ID numbers	Password-protected documents
Medical info	Secure patient portals or dedicated health apps
API keys	Secret management tools (Vault, .env files) + password-protected links for one-time sharing

With LOCK.PUB, you can turn any sensitive text into a password-protected memo link with an expiration time. The content is only accessible with the password, and it disappears after the expiry — far safer than leaving it in a chat log forever.

The Golden Rule

Here's a simple test: Would you be comfortable if this information appeared on a billboard in Times Square?

If the answer is no, don't send it in plain text.

Convenience and security don't have to be enemies. Creating a password-protected link takes 30 seconds. Recovering from a data breach takes months — or years.

Start Protecting Your Information Now

The next time you're about to paste sensitive information into a chat window, stop for a moment.

Create a free password-protected link at LOCK.PUB. It takes 30 seconds to protect what could take years to recover.

Some information is too valuable to send in plain text.