Securely send and receive sensitive information

Client-side encrypted one-time secrets since 2016


Length exceeded, please use a shorter secret.

Create an account (it's free, no credit card required) to access all features like attachments, branding and notifications.

Avoid copy-pasting passwords in messages

Copy-pasting passwords into messages compromises security, exposing them to potential cyber risks.

Our one-time links can be used for sharing sensitive information securely, along with encrypted attachments to ensure files are protected. This method not only guards against exposure by making the link unusable after access but also extends robust protection to file sharing, maintaining the integrity of your digital communications.

Avoid copy-pasting passwords in messages
Client-side encryption - and why it matters

Client-side encryption - and why it matters

If data is not encrypted before being sent to the service for link creation, it's possible that anyone with access to the service can view the data. Unfortunately, this is a common practice among many services.

We perform all encryption and decryption processes in the browser and store half of the encryption key within the link itself. This ensures that the data is fully encrypted before our service sees it, rendering anyone incapable of decrypting it without the original link. Even in the unlikely event of a breach, your information remains unreadable to us and potential attackers.

Features

Features

One-time links for secure data sharing

Share passwords and other confidential data - along with files - with self-destructing one-time links. There are several settings which you can configure for each link like expiration time, password and CAPTCHA. You can also set how many times the link can be opened.

Request sensitive data with a Secret Request link

Create a Secret Request link for securely requesting sensitive data from your clients and users. It works the same way as sharing data with a one-time link, except that the end result is that you will receive the one-time link containing the data you have requested.

Create links from a CSV file

With our Bulk Secrets feature, you can easily create lots of one-time links from a CSV file. The CSV file parsing is performed in the browser, making sure that we don't have access to any of the data it contains.

Teams

We also have features designed for team collaboration and integration. Create separate accounts for team members, manage settings centrally, and ensure secure access with single sign-on (SSO).

Notifications

Stay up-to-date of all updates with our handy notification system. Notifications, triggered when a link is created, viewed, or has expired, can be sent via email, Slack messages, or webhooks for easy integration with external systems.

API

Our simple REST API can be used to integrate Password.link into any application. It also makes it possible to encrypt and decrypt the sensitive information outside of our service for maximum security and peace of mind.

Branding

For those who seek a fully branded solution, we offer the option to remove all Password.link branding from the service. This feature ensures that your users interact with a platform that is entirely branded to your specifications, without visible references to Password.link. It's an ideal solution for businesses aiming to maintain a strong and cohesive brand image across all tools and services.

Custom domain

To further integrate Password.link into your business ecosystem, we offer the ability to use a custom domain for accessing the service. This can be a subdomain of password.link specifically created for your brand or a completely separate domain provided by you. Utilizing a custom domain enhances brand visibility and trust, making the platform distinctly yours. It ensures that every interaction your users have with the service reinforces your brand identity and provides a consistent, professional appearance.

Ideal for IT teams of all sizes

Ideal for IT teams of all sizes

A common scenario: you need to send credentials via email or Slack. But how can you ensure they're not intercepted or who has viewed them?

With our service, you can create a one-time link for credentials, ensuring they remain unseen until the intended recipient accesses them. Additionally, you can set up notifications through various channels to inform you when and by whom the credentials have been viewed.

Since the link is valid for a single use, it guarantees the credentials cannot be accessed again by anyone else.

We also support encrypted attachments for secure file sharing. Secret requests enable secure communication for sensitive information exchange.

Our platform allows for complete customization, enabling you to remove our branding, add your own, and tailor the content seen by users when accessing credentials.

Looking to integrate our service into your software or manage encryption and decryption externally? Our user-friendly REST API facilitates just that.

Developed with standard, security-proven technologies

Developed with standard, security-proven technologies

Given the nature of our service and its partial operation within browsers, security and privacy are of paramount importance. Our commitment to these principles is evident in how our service operates.

We employ only industry-standard, security-proven technologies and adhere to best practices in security for our service's development. This includes the use of AES-256-GCM for encryption, ensuring the highest level of data protection.

Always encrypted communications

Our service operates exclusively over HTTPS to ensure all communications are encrypted. This is crucial for maintaining the confidentiality and integrity of the data transmitted between the browser and our servers.

Advanced security measures

We implement advanced security technologies, such as Content Security Policy, Strict Transport Security, and Secure Cookies, alongside our unique encryption process to safeguard against both known and emerging security threats.

Encryption at rest and in transit

All data stored in our databases is encrypted at rest, providing an additional layer of security. Similarly, the encryption process begins in the browser, ensuring data is encrypted before it is even transmitted.

Unique one-time link generation process

When creating a new one-time link for a secret, two 18-character long random strings are generated in the browser as public and private encryption key parts. The secret is encrypted using these key parts, with the encrypted secret and the private part sent to our backend. This process ensures that full encryption data is never fully accessible, requiring both the link and database information to decrypt the secret.

No external JavaScript

To prevent the injection of malicious scripts, our service does not load any external JavaScript on pages that handle secrets.

No logging of sensitive data

Our logging strategy is designed to minimize data collection, ensuring no sensitive information is ever recorded. This includes not seeing or logging the public encryption key part, as it's stored in the link using a fragment identifier that the browser doesn't transmit to servers.

Secure one-time access

The backend server allows the data of the secret to be fetched only once, ensuring the link can be opened a single time. After the data has been fetched, the backend deletes the encrypted secret and private key part from the database, making it impossible to access the secret again.

Secure password sharing since 2016.

Since our inception in 2016, we've dedicated ourselves to developing this service, which has since become the leading tool for transmitting confidential information among IT companies worldwide. Our commitment to continuous improvement is driven by one core principle: maintaining simplicity while ensuring security.

Trusted by many.

Our service has earned the trust of organizations worldwide, ranging from large multi-billion dollar corporations to small IT firms. In keeping with our commitment to customer privacy, we refrain from displaying any names or logos here.