Instead of sending credentials or other sensitive information in email, this system creates an encrypted link,
emails it to the intended recipient, and relies on you to transmit a 4-word passphrase which they use to
decrypt the link sent to them.
This allows you to avoid forwarding emails with attached or inline sensitive information.
As a result, you end up reducing risk of accidentally leaking passwords because of poor email practices by your recipient or yourself.
We require TLS/SSL connections, use AES-256-CBC bcrypt encryption signed with message authentication code (MAC),
store all information within volatile in-memory key-value store (redis) fully encrypted and set to automatically expire.
No data is persisted to a database. We rotate the application key automatically at random times. Links sent to recipients
use signed URLs. You can expire any item you create immediately from the success page.
In short, we believe this is a much safer alternative to placing credentials in plain-text within emails. Other tools, including digitally signed and encrypted emails, password manager secure sharing, and encrypted messages with GPG are all great, secure alternatives.
Ultimately, you should only use this tool if you don't have an alternative secure method of sending credentials and you trust the creator, Patrick Labbett, and the company NotifiUs, LLC.
This generally means someone is trying to send you a message that has been encrypted. In rare cases, it's possible a bad actor is
using our system to spam or otherwise abuse the service. We've taken steps to mitigate abuse, including rate-limiting to 1 submission per minute,
detecting automated submissions, and requiring a reCaptcha challenge.
To report abuse of this tool, please email firstname.lastname@example.org and we'll assist as quickly as possible.