Written on August 8, 2016 by Stephan Wehner.
I went to visit our accountant last month. The accountant for my company, The Buckmaster Institute, Inc. I wanted him to start working on our yearly tax return.
Of course, the way it is, he works from files, from computer files with the various financial transactions for the year.
So in the past I brought these CSV files on my laptop, or on a USB stick, and transferred them to his systems right in his office.
This time he asked to email them. But I said no, I would not like that.
He asked why.
And I said I wouldn't want this information to be so easily accessible, and it is easy to "lose" email. I didn't feel comfortable having such files sitting in his email indefinitely.
So he agreed, and asked if I knew a better way, better than me bringing the files personally.
I didn't off-hand.
A few days later I was looking at something concerning ZIP files and I noticed they come with an encryption option. In case you don't know, a ZIP file can contain many files. ZIP files are produced with a ZIP application, and you can choose which files to include. To "get the files out again," you use the same application, but in "unzip" mode. The major motivation for ZIP files is that the files are compressed, so that the ZIP file is usually much smaller than the files it contains.
So, yes, I was going to tell my accountant, next time I would send him an encrypted ZIP file, containing the files with the financial information. I would tell him the password by phone. (The compression part of ZIP files is not crucial, but a nice-to-have.)
So far so good. A few weeks went by. Then I met another accountant in a more social setting.
I told her about what I had come up with, and asked her opinion.
She said, oh yes, they used to do that all the time. (Now she was in a different department.)
But, she said, they would end up having all these password notes lying around the office.
So I found that quite amusing. That sounds like mess, right there.
But the way I would set this up with my accountant would be to make it understood that we would always use a different password, and if he forgot it, he could just phone again, then I would send the file again, compressed with a new password. He would make his local copy and work from that, not from the email attachment. I think it's just a natural limitation of the system. After all it is quite primitive, and is bound to have limitations.
If you like this approach you can use a free and open-source ZIP application from 7-ZIP. Wikipedia has a lot more details about ZIP files, including a short discussion about the encryption scheme used.