1timeio
Password GeneratorBlog
Text SecretSecure File Sharing

Recipient will need this to decrypt

Link expires even if unread

Share Passwords Securely with Encrypted One-Time Links

Stop pasting passwords into Slack messages, emails, and spreadsheets where they sit indefinitely. 1time.io lets you share a password through an encrypted one-time link that self-destructs after the recipient reads it. The password is encrypted in your browser using AES-256-GCM before it ever touches the server. No signup, no account, completely free.

🔒

End-to-end encrypted

Your password is encrypted in the browser. The server stores only ciphertext it cannot read.

💥

Self-destructing link

The link works exactly once. After the password is read, it is permanently deleted.

🛡️

Zero-knowledge

The decryption key stays in the URL fragment and never reaches the server. We cannot read your password.

🔐

Optional passphrase

Add a second factor so the link alone is not enough to decrypt the password.

Why you should never send passwords in plain text

When you paste a password into a Slack DM, it is stored in Slack's servers indefinitely. Workspace admins can export and read all messages, including DMs. The same applies to email: messages persist on mail servers, in backups, and in the recipient's inbox forever. Even if you delete the message, copies remain in server logs and compliance archives. A one-time encrypted link solves this by ensuring the password exists only for a single viewing, and no copy persists on any server after it is read.

How secure password sharing works

Paste your password above and click "Create secret link". Your browser generates a random encryption key, encrypts the password with AES-256-GCM, and sends only the ciphertext to the server. The encryption key is placed in the URL fragment (the part after the # symbol), which browsers never transmit to servers. You send the full link to the recipient. When they open it, their browser fetches the ciphertext, decrypts it locally, and the server permanently deletes its copy. The password is never visible to anyone except the sender and recipient.

When to use one-time links vs a password manager

Password managers like 1Password and Bitwarden are the right tool for ongoing shared access within a team. But they require both parties to have accounts and be part of the same organization. One-time links are better for situations where a password manager is impractical:

  • Onboarding a new hire who does not have a password manager account yet.
  • Sharing credentials with a client or external contractor.
  • Sending a WiFi password to a guest or Airbnb visitor.
  • Handing off API keys to a developer on another team.
  • Any one-time handoff where the recipient does not need permanent access.

Share passwords safely across any channel

Because the password is encrypted before it leaves your browser, you can safely send the one-time link over any channel — email, Slack, Teams, SMS, WhatsApp, or even a post-it note. The link itself does not contain the password in readable form. Even if someone intercepts the link after it has been used, they get nothing — the data is already destroyed. For additional security, send the optional passphrase through a different channel than the link.

Frequently asked questions

How do I share a password securely?

Paste the password above, click "Create secret link", and send the link to the recipient. The password is encrypted in your browser before being stored. The recipient opens the link, sees the password once, and the data is permanently deleted from the server.

Is it safe to send passwords over email or Slack?

No. Emails are stored indefinitely on mail servers, and Slack messages persist in searchable history that admins can export. Both channels leave your password exposed long after it was shared. One-time encrypted links solve this: the password is encrypted end-to-end and destroyed after a single view.

Can the server see my password?

No. Your password is encrypted in the browser using AES-256-GCM before it reaches the server. The decryption key stays in the URL fragment, which is never sent to the server. This is called zero-knowledge architecture — we cannot read your secrets even if we wanted to.

What happens after the recipient reads the password?

The encrypted data is permanently deleted from the server. The link stops working immediately. Nobody — including the sender — can retrieve the password again. If the link is not opened, it expires automatically after the set time period (1 to 30 days).

Can I add extra protection to the shared password?

Yes. You can set an additional passphrase when creating the link. The recipient will need both the link and the passphrase to decrypt the password. This adds a second factor in case the link is intercepted.

Is this better than using a password manager for sharing?

They serve different purposes. Password managers are best for ongoing shared access within a team. One-time links are better for one-off handoffs: onboarding a new team member, sending credentials to a client, sharing a WiFi password with a guest, or any situation where the recipient does not need permanent access.

More ways to share securely

Send encrypted filesShare via QR codeGenerate a strong passwordWiFi password generatorAPI key generatorGuide: How to share passwords securelyGuide: Team password sharingIs Slack safe for passwords?How to send passwords over email
Secure File SharingPassword GeneratorPassphraseWiFi PasswordAPI KeyQR Code
BlogAboutPrivacyCLIGitHub

Zero-knowledge · Quantum-safe encryption · © 2026 1time.io