Are you sharing sensitive data & passwords on freelancer websites? 1 Security

As a freelancer/consultant I use freelancer sites like PeoplePerHour or upwork to get gigs. One of the issues evident in every job I have done is the disregard for security on these platforms.

Most IT or web-related jobs done on freelance platforms are going to involve the exchange of sensitive data, specifically passwords, which is required in order to do the job. Clients will gladly share everything with multiple freelancers without a second thought, including their logins for control panels, hosting accounts, domain registrars, websites, and everything else.

This unconscious sharing of such details has massive security implications which I will address below and offer better and more secure alternatives.

Security Bad Practices

Your login details are for your own use, and everything that is done with your login credentials links back to you. If you share these credentials with multiple people and there is a security breach, you will have no idea who is responsible. If you are an employee and have a boss, then you will most certainly be blamed for the security breach, which could cost your company dearly.

You should not post any sensitive information in the job chat/discussion on the freelancer site (unless they are temporary logins that will be revoked). These conversations will most likely be stored in plain text and not encrypted in any way. Certainly, in the case of PeoplePerHour and Fiverr, I have asked them directly and they have confirmed this is the case.

In fact Fiverr support even said outright to me that they do not recommend sharing passwords on their platform, even though it doesn’t state this anywhere on their site, they do nothing to discourage it and this is exactly what everyone does.

Are you sharing sensitive data & passwords on freelancer websites? 2 Security
Hackers are everywhere

Thousands of sites get hacked and data is stolen every single day. Most of them are unaware they have even been hacked and the breach can go unnoticed for months or even years in some cases.

If any of the freelancer sites suffer a security breach, the hackers will have access to any data which is not encrypted, which includes all those login details that clients have entered in the chat with their freelancers. Not forgetting that the support staff can also read all your discussions as well, so any dishonest support agent could simply lift your login details and use them for illicit purposes.

Sadly there are also a lot of unscrupulous freelancers out there too, who will intentionally do damage to your systems in order to generate more work for themselves, or may seek revenge in the event of a dispute or disagreement.

I have had several jobs cleaning up after such situations and have found all kinds of back doors, insecure plugins, malware and extraneous logins that presumably had been created by other freelancers.


Ideally, you should find a single reliable freelancer/company who you are happy with and stick with them, rather than using a different freelancer each time. Not only is this better for security, but using multiple freelancers can also cause other problems as they are oblivious to what work their predecessor has done, and so will often break or undo each other’s work.

Sticking with the same person/company creates a relationship as well as a recurring income, which will, in turn, result in better quality of work, fewer issues and less expense as they will know your systems and the work they have done before and be more inclined to keep you happy.

Plus any decent freelancer/contractor will use a task/project manager and will keep notes on the work he does for ongoing clients which also improves communication and project management.

Do not post sensitive information in the workstream/chat. An exception would be if you are providing a temp login which will be revoked once the job is done.

If you do need to give a freelancer (or anyone) temporary access to your accounts or website, then ideally you should provide them with their own login, not give them yours, which you should revoke (delete) once the job is done.

If it is not possible to create a separate login for your freelancer, then you should always change your passwords after the job has been completed.


Are you sharing sensitive data & passwords on freelancer websites? 3 Security
everyone should use a password manager

Create a Secret Link

There are a number of online tools which will allow you to share information with someone securely via a special secret link that is randomly generated just for you and only works once. As soon as the recipient clicks on the link to view the information, that link and all the information is destroyed.

This makes it safe to share that link via email or on freelancer sites, because the link only works once, so is useless to anyone else that finds it after it has been used.

OneTimeSecret is my favourite so far.

This tool allows gives to a large textarea, allowing you to share any amount of information in one go. It also allows you to put an optional time limit on the link (how long it will stay active for) and also an optional passphrase protect the link as well. So you could then provide the password via phone or SMS to make it extra secure in case the recipient won’t be checking the link immediately or there is any chance of it being intercepted.

A few other solutions include:- | Saltify |

Cloud document sharing

Everyone has access to cloud storage and the ability to share files and documents FOR FREE.

I come across a surprising number of people who are unaware of this, but every single Windows user has access to OneDrive by default. It is part of Windows operating system and allows you to sync up to 5GB of files to the cloud for free. You can then share these files with anyone simply by sending them a link.

Even if you do not use Windows, you can still get a free Microsoft /
OneDrive account.

So you could temporarily put all the info you need to share into a text file or word doc, and share that link with your freelancer. Once the job is done, unshare that file and delete it.

NOTE: This is also not an ideal method and still not very secure to have your login stored in plain text, but it is certainly better and putting them into your workstream where they be on display forever or sending them via email.

If you do not know how to share files with OneDrive, then please read this article “how to share files with others using OneDrive“.

You can also do the same with Google Drive, which you also already have access to if you have a free Gmail account.

Use a password manager

Are you sharing sensitive data & passwords on freelancer websites? 4 Security

Using a password manager is something I recommend to everyone. It will remember all your passwords and other personal info for you, software licenses, bank details etc. It will automatically log you into websites, fill in forms, generate strong passwords for you and more.

Some of the most popular solutions are 1Password, LastPass and Dashlane, some of which offer a free edition, although there are many other apps available which vary in features and simplicity.

Password managers are also the most secure way to share logins and other sensitive information with your freelancer and then revoke the share once the job is done. You simply choose to share a login, enter the freelancers email address, and it will send them a share request. If they already use the same password manager, then job done, otherwise, they simply need to register for the free version in order to accept your share request.

As a result the login details are never shared in plain text, as the freelancer will only use the password manager.


I am going to mention WordPress specifically because this is somehting I deal with a lot, since I build, support and manage WordPress websites.

In almost every WordPress job I do, clients will send me their own admin login, which they have sent to every freelancer before me, who still have access as the password has never been changed.

If you need to give someone permanent access, then create a new admin user just for them, if just need to provide temp access, then I suggest using the “temporary login without passwordplugin , which will allow you to provide a temporary login which will automatically expire after x number of days.

Share This