How to share passwords via email

In this post, let us take a look at services that allow you to send sensitive information over email. One time passwords, address or any other information that can be read easily by others, are some examples where such a service can be useful.

Generating a message using Reveal IT. Blog of Amar Vyas
Generating a message using Reveal IT

Background: Password via email

A few weeks ago, I signed up with a service provider. They sent me an automated email asking me to confirm my email account. Upon confirmation, they sent me account details. To my surprise, the password to my login was mentioned in plain text!

As we enter the third decade of the current millennium, this practice should be stopped immediately. But what if your provider does not want to upgrade systems? You can either bid them goodbye, or encourage them to use a service that sends one time passwords. Or a service where the information is encrypted before it is sent.

Sending other sensitive information via email

Let us say you want to communicate information across to a user, a friend, or a near and dear one. Would you do so in plain text? Your spouse’s birthdate, etc. are some of the more innocuous examples. Others include medical records, or insurance details. You can let your imagination run wild on this one.

Would you send this information via email, or use a third party service? Most of you would prefer the latter!
I looked up some indormation on the latter, and came up with the below list.

Sending information via email: Third party services

Below is a list of services that are free to use. There are paid options also available. While I am not a big fan of *free* services, I thought that for everyday use, the below services were more than adequate.

READ
Designcap for Graphic Design

Quickforget.com
This is a service form Automattic, the folks behind WordPress. Quickforget lets you store the information on their site temporarily. This could be a one time password, or information that can only be accessed by users who have the secret link.

Revealit.me

Using revealit.me, you post your message, and a link is generated automatically. You can send the link to the recipient via email, or any other means. The recipient can read the message by clicking the link. The message is a one-time use, that is, if you share the link with multiple users, or refresh the page, the message gets deleted.

One Time Secret
You can create a link for a one time use using this service (as the name says!) You can create a random one time message, and send the link for that message to the recipient. They can reply to you in a similar fashion. You can also encrypt a short message and set a password. the reader will have to enter the password in order to read that message. That way, even if someone surreptitiously gets hold of the link, they will not be able to read the message. Other features includes setting a time limit for the message (for e.g. message will self expire after 7 days). Learn more about onetimesecret here.

Sites like alternativeto have a list of current and former services.

Safenote is an ad supported free service that allows you to send files and notes. A self destructing Private link is another option they offer.

Sending messages via safenote.co. Blog of Amar Vyas
Sending messages via safenote.co

temp.pm allows you to send AES-256 encrypted private messages. It is a free servie but they welcome donations.

READ
Benchmarking Virmach VPS, New Jersey, USA: Black Friday 2020

Yopass offers a self hosted option to the above services. You can also use their website. The mssages can self destruct after one time read, or with a set time limit.

Yopass.se is an open source service with a self hosting opton. Blog of Amar Vyas
Yopass.se is an open source service with a self hosting opton

Brieflink.io offers services similar to safenote. I was not able to find much information about them, and their twitter account has been suspended as on date of publishing this post.

Nohistory.fyi allows you to send formatted email or messages, set passwords, one time read messages, or set a timeline before the message self destructs. The site mentions that the product is in early stages of development, the tech stack is based on AWS.

Nohistory.fyi Uses the AWS Stack. Blog of Amar Vyas
Homepage of Nohistory.fyi

Typewriting.ink I saw this one on Betalist, and thiought of addint it to this post. While not specificlaly designed for secure messaging, this site does offer that function.

Noteworthy Mentions

You can use one time use email accounts to send the information, though the purpose of existence for such accounts may be different than the above services. Here are a couple that I have used often in the past. In a future post a more extensive coverage of such services is planned.

Temp Mail

Guerilla Mail

Summing it all up

One can think of many useful and innocuous ways of using the above (or similar) services. Some could be for fun. Others for financial information, medical records, account logins, etc. Of course there can be some nefarious ways, but let us focus on the legitimate ones, and appreciate that such services exist.

Leave a comment