Slightly more complicated way I have used in the past, I once had a developer working on a plugin for a WordPress site. I did not know the developer, just met them online. So, rather than giving up any of my admin passwords:
created a new sftp user,
and added new user to a group.
added my sftp user to that same group
changed permissions on the plugin folder to include that group, and made it editable by group
mad a symlink in the new users folder to that plugin folder
Then I was able to give the developer the Username and Password for that new user. All he had access to was the one plugin folder. Worked fine, and I could sleep at night.