This app was created to allow for more secure sharing of sensitive information like passwords via insecure channels
such as email or unencrypted websites. It helps reduce potentional data leaks in several ways:
With communication through email for example, it's not easy to see whether that email will be transfered via
encrypted tunnels or if it was in the end - and even if it was, if the encryption was properly appied to the tunnel
so that there's a guarantee that only sender and recipient can see the contents of the message. This leaves an opening
for man-in-the-middle attacks where the sentitive information can be stored or stolen by third parties while on its way
to the recipient.
Email and other messages are commonly stored for a long time, wether it's still in the sender's sent mailbox, the
recipient's inbox, their recycle bin or even in backups that are maintained by the system administrator. As it's not
always clear who has access to that mailbox, it's hard to predict what kind of risk it entails (overtime). Access to that
mailbox can be gained by the email provider, the system administrator, your colleagues (shared mailbox or replacement),
you boss, etc. Plaintext passwords will always remain visible, that's why sharing of secure links that expire after a
certain period of time, can completely remove that risk, of course as long as the expiration date is properly chosen.
The use of shared links with expiration dates also encourages recipients to use proper means of storing such sensitive
I strongly recommend you to communicate to your partners to use password managers to store passwords properly, because
sending passwords and other sensitive information securely is one thing, storing them properly is another thing. There are
many available, but I strongly recommend KeePass or KeePassXC
. For Android check out
This web app was created by Leonardo Malik and is freely available at GitHub
under open source license EUPL v1.2.