Why you should never send secrets in plaintext
When it comes to online communication, protecting sensitive information is a priority. Sending secrets such as passwords, credit card numbers, and personal details in plaintext, i.e., unencrypted form, is like handing a stranger your house keys. Here's why it's unsafe:
- Easy to intercept: In plaintext, your sensitive information travels through the internet unprotected. Hackers can easily intercept and read these details, leading to potential misuse.
- No trace of misuse: Once your data is intercepted, it can be exploited without your knowledge. Tracking such misuse is near impossible.
- Lack of privacy: By sending plaintext secrets, you lose control over who sees your information. It could potentially be accessed by unauthorized persons or even companies for illicit purposes.
At Password.link, we take your security seriously. Our features are designed to protect your sensitive information from these risks, ensuring that your secrets remain secret.
Protect sensitive information
In our interconnected digital world, the importance of securing sensitive information cannot be overstated. With the evolving landscape of cyber threats, vigilance and proactive measures are necessary to protect your private data.
One-time viewing: your first line of defense
Our standout feature is one-time viewing. As soon as your information is accessed once, it is immediately locked. This guarantees that your sensitive information is not susceptible to repeated views, limiting exposure and reducing the chance of unauthorized access.
Client-side encryption: your data, your control
We respect your privacy, and we make it our priority. That's why we implemented client-side encryption. The secret is encrypted directly in your browser before it ever leaves your device. This means we, at Password.link, have zero access to your data. Even in the unlikely event of a breach, your information remains unreadable to us and potential attackers.
Self-destructing messages: erasing traces, enhancing safety
We understand that the safer your secrets, the less they linger. With our self-destructing messages, the information is automatically and permanently deleted from our servers as soon as your recipient views it. This leaves no residual data that could be compromised, providing another level of safety to your sensitive information.
Encrypted attachments: safeguard your files
Sensitive information isn't confined to text. Often, our most valuable secrets are embedded within various types of files. From strategic documents to personal photos, your files should be handled with the utmost care and discretion.
Secure transmission of your valuable files
At Password.link, we acknowledge the sensitive nature of your attachments and provide an avenue for their secure transmission. Our encrypted attachments feature ensures that your files are more than just attached; they're enveloped in a secure, digital shield.
Robust encryption: the heart of secure file sharing
Our robust client-side encryption doesn't just apply to text; it extends to your attached files as well. Before your file ever leaves your device, it's encrypted within your browser, making it unreadable to anyone without the decryption key, including us at Password.link.
One-time viewing: keeping your files confidential
In alignment with our one-time viewing feature for text, we apply the same principle to your attachments. After your file has been accessed once, it’s locked, preventing further access and reducing the chance of unauthorized viewing.
Self-destructing files: erasing digital footprints
True to our commitment to leave no traces, your file attachments also benefit from our self-destruct feature. Once your recipient has opened the file, it’s permanently deleted from our servers, ensuring no residual data can be compromised.
With Password.link, your sensitive files are not just shared; they're protected with the most stringent security measures. Trust us to keep your attachments secure.
Secret requests: secure communication simplified
Secure exchange of sensitive information is a must. At Password.link, we streamline this process with our secret requests feature.
Safeguarded requests, ensured response
Instead of insecurely asking for sensitive data, use our platform to send a secure secret request. The recipient can then respond in a safe, encrypted environment, ensuring their sensitive information remains confidential.
Client-side encryption: a standard practice
As with all our services, secret requests benefit from client-side encryption. The recipient's response is encrypted right in their browser before transmission. This means their data remains unreadable to outsiders, including us at Password.link.
One-time viewing: minimized exposure
Secret responses can be set to one-time viewing. After the first access, the data is deleted, preventing repeated views and unauthorized access.
Beyond the basics
Other notable features include:
Configurable settings for secrets
The following settings can be configured for a secret:
- Message: a custom message which will be displayed when the secret is viewed
- Description: a description for the secret which will be shown only for the user itself on the list of created secrets
- Expiration time: a time, in hours, after which the secret will be expired and can no longer be viewed
- Password: a password for the secret
- View button: requires a button to be clicked before showing the secret (for blocking link previews)
- CAPTCHA: requires a CAPTCHA to be solved before showing the secret (for blocking automated scanners)
Teams
Separate accounts can be created for additional users. Several settings, like custom pages and subscription, are managed by the team administrators and shared between all team members. This makes it easy for new team members to start using the service.
Single sign-on
Experience a seamless, secure, and streamlined login process with our SSO feature, promoting efficient access and robust security for all users.
Notifications
Stay up-to-date of all updates with our handy notification system. Notifications, triggered when a secret is created, viewed, or has expired, can be sent via email, Slack messages, or webhooks for easy integration with external systems.
Page templates and custom domain
The content and layout of all relevant pages can be customized. All our branding can also be removed. This is a perfect way to make the pages look like a part of any brand.
A custom domain, either a password.link subdomain or a domain provided by the customer, can be used as the base URL for the secret.
API
Our simple REST API can be used to integrate Password.link into any application. It also makes it possible to encrypt and decrypt the secret outside of Password.link for maximum security and peace of mind.
Need help with an integration or a custom solution? No problem - just drop us a line.