Securely send and receive sensitive information
Client-side encrypted one-time secrets since 2016
QR code
You can also use the QR code above to share the link.
Length exceeded, please use a shorter secret.
Avoid copy-pasting passwords in messages
Copy-pasting passwords into messages compromises security, exposing them to potential cyber risks.
Our one-time links can be used for sharing sensitive information securely, along with encrypted attachments to ensure files are protected. This method not only guards against exposure by making the link unusable after access but also extends robust protection to file sharing, maintaining the integrity of your digital communications.
Client-side encryption - and why it matters
If data is not encrypted before being sent to the service for link creation, it's possible that anyone with access to the service can view the data. Unfortunately, this is a common practice among many services.
We perform all encryption and decryption processes in the browser and store half of the encryption key within the link itself. This ensures that the data is fully encrypted before our service sees it, rendering anyone incapable of decrypting it without the original link. Even in the unlikely event of a breach, your information remains unreadable to us and potential attackers.
One-time links for total security.
Send
Ensure the confidentiality of your data with our one-time links for sending information. Create a secure link, share your sensitive data, and rest assured knowing that once the link is accessed, it expires immediately, leaving no trace. Ideal for protecting financial details, confidential agreements, or any private information.
Receive
Receive sensitive information securely with our one-time links. Request data from others and get it delivered through a self-destructing link that guarantees complete privacy. Once you access the information, the link deactivates, ensuring that the data cannot be retrieved again. Perfect for safeguarding received sensitive messages.
Chat
Chat privately without leaving a digital footprint with our secure one-time links. Start a conversation using a link that expires as soon as your chat ends, ensuring all your communications remain confidential. This feature is excellent for negotiating sensitive deals or discussing private matters with complete security.
Leading the way in secure one-time links for top brands.
Features
One-time links for secure data sharing
Share passwords and other confidential data - along with files - with self-destructing one-time links. There are several settings which you can configure for each link like expiration time, password and CAPTCHA. You can also set how many times the link can be opened.
Request sensitive data with a Secret Request link
Create a Secret Request link for securely requesting sensitive data from your clients and users. It works the same way as sharing data with a one-time link, except that the end result is that you will receive the one-time link containing the data you have requested.
Create links from a CSV file
With our Bulk Secrets feature, you can easily create lots of one-time links from a CSV file. The CSV file parsing is performed in the browser, making sure that we don't have access to any of the data it contains.
Teams
We also have features designed for team collaboration and integration. Create separate accounts for team members, manage settings centrally, and ensure secure access with single sign-on (SSO).
Notifications
Stay up-to-date of all updates with our handy notification system. Notifications, triggered when a link is created, viewed, or has expired, can be sent via email, Slack messages, or webhooks for easy integration with external systems.
API
Our simple REST API can be used to integrate Password.link into any application. It also makes it possible to encrypt and decrypt the sensitive information outside of our service for maximum security and peace of mind.
Branding
For those who seek a fully branded solution, we offer the option to remove all Password.link branding from the service. This feature ensures that your users interact with a platform that is entirely branded to your specifications, without visible references to Password.link. It's an ideal solution for businesses aiming to maintain a strong and cohesive brand image across all tools and services.
Custom domain
To further integrate Password.link into your business ecosystem, we offer the ability to use a custom domain for accessing the service. This can be a subdomain of password.link specifically created for your brand or a completely separate domain provided by you. Utilizing a custom domain enhances brand visibility and trust, making the platform distinctly yours. It ensures that every interaction your users have with the service reinforces your brand identity and provides a consistent, professional appearance.
Geo-blocking
The geo-blocking feature provides an added layer of security, ensuring that sensitive information is accessed only from locations you authorize. Whether it's a single country or multiple regions, the geo-blocking functionality will safeguard your secrets by blocking unauthorized access attempts.
IP and email whitelisting
The IP whitelisting feature elevates security measures by permitting only pre-approved IP addresses and CIDR ranges to access the link. In addition, the email whitelisting feature enhances security by allowing only approved email address domains to view your secrets. These capabilities provide granular control over who is allowed to access your sensitive information, adding critical layers of protection. Through precise access management, it ensures your data remains secure from unauthorized attempts.
Secure chats with one-time links
We've expanded our one-time link technology to include secure chats, providing a reliable way to communicate with end-to-end encryption.
Just like our one-time links, these chats are exclusive to the initial participants and are designed to automatically self-destruct once closed, ensuring complete privacy.
Key features:
- End-to-end encryption: Every message is encrypted using AES-256-GCM, the industry standard for secure communication. Encryption and decryption occur directly in your browser, never exposing plain text.
- Private and temporary: The encryption key is exclusively known to the chat participants and is never stored, making the chat content accessible only to those initially involved.
- No data retention: We prioritize your privacy by not logging, storing, or having the ability to decrypt any of your messages.
Ideal for IT teams of all sizes
A common scenario: you need to send credentials via email or Slack. But how can you ensure they're not intercepted or who has viewed them?
With our service, you can create a one-time link for credentials, ensuring they remain unseen until the intended recipient accesses them. Additionally, you can set up notifications through various channels to inform you when and by whom the credentials have been viewed.
Since the link is valid for a single use, it guarantees the credentials cannot be accessed again by anyone else.
We also support encrypted attachments for secure file sharing. Secret requests enable secure communication for sensitive information exchange.
Our platform allows for complete customization, enabling you to remove our branding, add your own, and tailor the content seen by users when accessing credentials.
Looking to integrate our service into your software or manage encryption and decryption externally? Our user-friendly REST API facilitates just that.
Developed with standard, security-proven technologies
Given the nature of our service and its partial operation within browsers, security and privacy are of paramount importance. Our commitment to these principles is evident in how our service operates.
We employ only industry-standard, security-proven technologies and adhere to best practices in security for our service's development. This includes the use of AES-256-GCM for encryption, ensuring the highest level of data protection.
Always encrypted communications
Our service operates exclusively over HTTPS to ensure all communications are encrypted. This is crucial for maintaining the confidentiality and integrity of the data transmitted between the browser and our servers.
Advanced security measures
We implement advanced security technologies, such as Content Security Policy, Strict Transport Security, and Secure Cookies, alongside our unique encryption process to safeguard against both known and emerging security threats.
Encryption at rest and in transit
All data stored in our databases is encrypted at rest, providing an additional layer of security. Similarly, the encryption process begins in the browser, ensuring data is encrypted before it is even transmitted.
Unique one-time link generation process
When creating a new one-time link for a secret, two 18-character long random strings are generated in the browser as public and private encryption key parts. The secret is encrypted using these key parts, with the encrypted secret and the private part sent to our backend. This process ensures that full encryption data is never fully accessible, requiring both the link and database information to decrypt the secret.
No external JavaScript
To prevent the injection of malicious scripts, our service does not load any external JavaScript on pages that handle secrets.
No logging of sensitive data
Our logging strategy is designed to minimize data collection, ensuring no sensitive information is ever recorded. This includes not seeing or logging the public encryption key part, as it's stored in the link using a fragment identifier that the browser doesn't transmit to servers.
Secure one-time access
The backend server allows the data of the secret to be fetched only once, ensuring the link can be opened a single time. After the data has been fetched, the backend deletes the encrypted secret and private key part from the database, making it impossible to access the secret again.
Secure password sharing since 2016.
Since our inception in 2016, we've dedicated ourselves to developing this service, which has since become the leading tool for transmitting confidential information among IT companies worldwide. Our commitment to continuous improvement is driven by one core principle: maintaining simplicity while ensuring security.