Secure password sharing
Share a password securely without leaving it in chat history forever.
iKrypt lets you turn a password into a one-time encrypted link. The password is encrypted in your browser, the server stores only ciphertext, and the decryption key never reaches iKrypt's servers in normal requests.
For long-term team password sharing, use a password manager. For quick temporary handoffs, iKrypt helps reduce the risk of plain-text passwords sitting in messages.
Encrypted in your browser
The password is encrypted before it leaves your device.
One-time access
Choose a view limit so the link cannot be opened forever.
No account required
Create a secure handoff without signing up.
Why not just send the password in email or Slack?
Email, chat, and DMs are convenient, but they are not great places to leave plaintext passwords. Messages can be searched later, forwarded accidentally, synced across devices, exported, screenshotted, or retained long after the password was only needed for a short task.
A one-time encrypted link does not make every risk disappear, but it gives the password a shorter lifecycle. The recipient gets access through the link, and the secret becomes inaccessible after the configured expiry or view limit.
This is useful when someone needs a temporary password now, but you do not want that password sitting in message history forever.
Common password-sharing mistakes
- Pasting passwords directly into Slack, Teams, WhatsApp, or DMs
- Sending passwords as plain text in email
- Saving credentials in shared Google Docs or Notion pages
- Reusing the same password across multiple services
- Leaving temporary passwords available forever
How to do it
How to share a password securely with iKrypt
A simple workflow for short-lived password handoffs.
Paste the password into iKrypt
The password is encrypted in your browser before it is uploaded. iKrypt stores ciphertext, not plaintext.
Choose a short expiry
For passwords, use a short expiry window and one-view access whenever possible.
Send the encrypted link
Share the generated link with the intended recipient through your chosen channel.
Rotate or revoke if needed
For important accounts, change the password after the recipient has used it, especially if it was a temporary access handoff.
Better practices
iKrypt is most useful when combined with sensible password handling.
- Use a password manager for long-term password storage and team sharing
- Use a one-time encrypted link for quick temporary handoffs
- Set the shortest practical expiry time
- Use a one-view limit when the password only needs to be read once
- Rotate the password after the handoff if the account is sensitive
What iKrypt cannot protect against
Browser-side encryption helps with the handoff, but it does not control the recipient's device or behavior.
- A compromised recipient device
- Malicious browser extensions
- Someone forwarding the full link, including the key after #
- Screenshots or copy/paste after the password is revealed
- The recipient intentionally saving or resharing the password
Use cases
When a one-time password link makes sense
Frequently asked questions
What is the safest way to share a password?
For long-term password sharing, a password manager with proper access controls is usually best. For quick one-time handoffs, iKrypt helps you avoid pasting the password directly into email, Slack, or DMs by creating a one-time encrypted link.
Can iKrypt read the password?
No. The password is encrypted in your browser before upload. iKrypt stores encrypted ciphertext only, and the decryption key stays in the URL fragment after #.
Is the full link sensitive?
Yes. Treat the full link as sensitive, especially the part after #. Anyone with the complete link may be able to decrypt the secret until it expires or reaches its view limit.
Should I use iKrypt as a password manager?
No. iKrypt is not a password vault or long-term credential manager. It is for temporary encrypted handoffs.
What happens after the password link expires?
The secret becomes inaccessible immediately after expiry or final view. Expired encrypted records are removed automatically by Firestore TTL, typically within 24 hours.
Create a secure handoff
Share a password without pasting it directly into chat.
Create a one-time encrypted link, set an expiry, and send the link to the intended recipient. No account required.