Secure password sharing

Share a password securely without leaving it in chat history forever.

iKrypt lets you turn a password into a one-time encrypted link. The password is encrypted in your browser, the server stores only ciphertext, and the decryption key never reaches iKrypt's servers in normal requests.

For long-term team password sharing, use a password manager. For quick temporary handoffs, iKrypt helps reduce the risk of plain-text passwords sitting in messages.

Encrypted in your browser

The password is encrypted before it leaves your device.

One-time access

Choose a view limit so the link cannot be opened forever.

No account required

Create a secure handoff without signing up.

Why not just send the password in email or Slack?

Email, chat, and DMs are convenient, but they are not great places to leave plaintext passwords. Messages can be searched later, forwarded accidentally, synced across devices, exported, screenshotted, or retained long after the password was only needed for a short task.

A one-time encrypted link does not make every risk disappear, but it gives the password a shorter lifecycle. The recipient gets access through the link, and the secret becomes inaccessible after the configured expiry or view limit.

This is useful when someone needs a temporary password now, but you do not want that password sitting in message history forever.

Common password-sharing mistakes

  • Pasting passwords directly into Slack, Teams, WhatsApp, or DMs
  • Sending passwords as plain text in email
  • Saving credentials in shared Google Docs or Notion pages
  • Reusing the same password across multiple services
  • Leaving temporary passwords available forever

How to do it

How to share a password securely with iKrypt

A simple workflow for short-lived password handoffs.

01

Paste the password into iKrypt

The password is encrypted in your browser before it is uploaded. iKrypt stores ciphertext, not plaintext.

02

Choose a short expiry

For passwords, use a short expiry window and one-view access whenever possible.

03

Send the encrypted link

Share the generated link with the intended recipient through your chosen channel.

04

Rotate or revoke if needed

For important accounts, change the password after the recipient has used it, especially if it was a temporary access handoff.

Better practices

iKrypt is most useful when combined with sensible password handling.

  • Use a password manager for long-term password storage and team sharing
  • Use a one-time encrypted link for quick temporary handoffs
  • Set the shortest practical expiry time
  • Use a one-view limit when the password only needs to be read once
  • Rotate the password after the handoff if the account is sensitive

What iKrypt cannot protect against

Browser-side encryption helps with the handoff, but it does not control the recipient's device or behavior.

  • A compromised recipient device
  • Malicious browser extensions
  • Someone forwarding the full link, including the key after #
  • Screenshots or copy/paste after the password is revealed
  • The recipient intentionally saving or resharing the password

Use cases

When a one-time password link makes sense

Sending a temporary login to a client
Sharing a staging password with a contractor
Passing access to a teammate without leaving it in chat history
Giving a freelancer a short-lived credential
Sharing a recovery code only once
Sending a Wi-Fi or admin password for a limited task

Frequently asked questions

What is the safest way to share a password?

For long-term password sharing, a password manager with proper access controls is usually best. For quick one-time handoffs, iKrypt helps you avoid pasting the password directly into email, Slack, or DMs by creating a one-time encrypted link.

Can iKrypt read the password?

No. The password is encrypted in your browser before upload. iKrypt stores encrypted ciphertext only, and the decryption key stays in the URL fragment after #.

Is the full link sensitive?

Yes. Treat the full link as sensitive, especially the part after #. Anyone with the complete link may be able to decrypt the secret until it expires or reaches its view limit.

Should I use iKrypt as a password manager?

No. iKrypt is not a password vault or long-term credential manager. It is for temporary encrypted handoffs.

What happens after the password link expires?

The secret becomes inaccessible immediately after expiry or final view. Expired encrypted records are removed automatically by Firestore TTL, typically within 24 hours.

Create a secure handoff

Share a password without pasting it directly into chat.

Create a one-time encrypted link, set an expiry, and send the link to the intended recipient. No account required.