Send Password Securely

The safest way to send a password via email or chat. The link works once, then vanishes.

Why secure send password securely matters

There is a subset of password-sharing that has nothing to do with work. You text your partner the streaming-service password during a Wi-Fi-less drive, give your sister the recovery codes for an account before a long flight, or send a parent your home alarm-system code while they pet-sit. These are everyday situations, but the channel choices around them are quietly dangerous.

Texting a password leaves it in iMessage or RCS history forever — and on iMessage in particular, the message also rides along to every device on the same Apple ID, including the iPad your kid plays games on. Email is worse: a single phone-loss event with a logged-in mail app exposes years of password handoffs to whoever picks up the phone.

PasteOnce was built for exactly this case. Paste once on your phone, send the link via your usual chat tool (the link itself is not sensitive — only the recipient who taps it sees the password), and the instant they tap to open, the encrypted blob is wiped from our Redis. Nothing remains on your device, theirs, or ours.

What goes wrong when send password securely is shared insecurely

iCloud and Google backups storing SMS forever. Both Apple and Google retain message history in encrypted cloud backups by default. A subpoena, account takeover, or simple shared-Apple-ID access reveals the entire history.
An unlocked phone leaking everything. Phones get briefly handed to friends, kids, and strangers. A glance at recent messages can expose years of casually-shared credentials — the screen-lock is not the boundary you think it is.
Forwarding chains. Once you send a password in a regular chat, the recipient can forward it. PasteOnce's one-time semantics break the forwarding chain — the link is dead the moment it is read.
Phishing impostors of family members. A compromised relative's account is the most common social-engineering vector for the older generation in particular. PasteOnce will not stop that, but the one-shot-then-gone semantics limit the value of any single intercepted message.

Send Password Securely

Client-side encrypted. We can't see your data.

Press Ctrl/⌘ + Enter to send0 characters

Expires in:

End-to-End Encrypted

Your data is encrypted in your browser before it leaves your device.

Self-Destructing

Messages are automatically deleted after being read once.

Zero Knowledge

We never see your data. Only encrypted blobs pass through our servers.

One-Time View

Links work exactly once. Refresh the page and it's gone forever.

How does send password securely work on PasteOnce?

Client-Side Encryption

Your sensitive data is encrypted in your browser using AES-256-GCM. The encryption key is generated randomly and never sent to our servers.

Secure Storage

Only the encrypted blob is stored in our database, with an automatic expiration time. We literally cannot read your data.

One-Time Read

When your recipient opens the link, the encrypted data is fetched and immediately deleted from our servers using an atomic Redis GETDEL. The key in the URL hash decrypts the message in their browser.

Best practices for send password securely

Use a different channel than usual

If you usually text, send the link via WhatsApp or email. The link's value to an attacker is zero unless they also have the recipient's device — but defense in depth is cheap.

Pick the 1-hour TTL, not 7 days

If your recipient is reachable, 1 hour is plenty. Do not pick 7 days as a default — every additional minute the ciphertext sits in our Redis is a minute of theoretical exposure.

Tell the recipient the link only works once

Set expectations before sending. 'This link only opens once — copy the code into your password manager when it appears' prevents the common confusion of 'I tapped to preview and now it is gone.'

Rotate after the handoff if it is a reusable password

If you sent a permanent account password (vs. a one-time recovery code), change it once the recipient has done what they needed. The cost is low; the upside is a clean audit trail.

Related Secure Sharing Tools

Share Password Securely Share WiFi Password Create Secret Message Link One-Time Text Message Self-Destructing Note Share 2FA Backup Codes Share Login Credentials Send Confidential Message

Real situations this is built for

Family member needs your account password mid-trip

You are abroad and your spouse needs to log into your music subscription on a hotel TV. PasteOnce the password, text the link, they tap once on their phone, the password appears, and nothing remains on either side.

Recovery codes to a trusted person

You are heading into surgery and want a sibling to have your 2FA recovery codes just in case. PasteOnce with a 7-day TTL — long enough that they can read it after the procedure, but it cleans itself up automatically.

Booking confirmation login to a travel agent

You hand a one-time-use account login to a travel agent so they can complete a booking. PasteOnce, send via email, link reads once, agent completes the booking, password is rotated next day.

Frequently Asked Questions

Can I send a password to multiple people at once?

Each PasteOnce link is single-use. Create one link per recipient — it takes seconds, and it gives you per-recipient signal: if one link goes unread, you know exactly who did not receive it.

Someone tapped the link by accident and now it is gone — can I retry?

Yes, just paste the password again and create a fresh link. The previous link is dead because the ciphertext was deleted on first read; the new link is independent.

What if the recipient screenshots the password?

That is outside our control — once the password is on their screen, what they do with it is their choice. For high-value passwords, change it after the handoff so any screenshot becomes useless.

Why not WhatsApp's view once feature?

WhatsApp's view-once messages are still stored on Meta's servers and are recoverable through their official process. PasteOnce is zero-knowledge — the message is encrypted in your browser before we ever see it, and we could not recover it if we wanted to.

Why secure send password securely matters

What goes wrong when send password securely is shared insecurely

iCloud and Google backups storing SMS forever. Both Apple and Google retain message history in encrypted cloud backups by default. A subpoena, account takeover, or simple shared-Apple-ID access reveals the entire history.

An unlocked phone leaking everything. Phones get briefly handed to friends, kids, and strangers. A glance at recent messages can expose years of casually-shared credentials — the screen-lock is not the boundary you think it is.

Forwarding chains. Once you send a password in a regular chat, the recipient can forward it. PasteOnce's one-time semantics break the forwarding chain — the link is dead the moment it is read.

Phishing impostors of family members. A compromised relative's account is the most common social-engineering vector for the older generation in particular. PasteOnce will not stop that, but the one-shot-then-gone semantics limit the value of any single intercepted message.

How does send password securely work on PasteOnce?

Client-Side Encryption

Your sensitive data is encrypted in your browser using AES-256-GCM. The encryption key is generated randomly and never sent to our servers.

Secure Storage

Only the encrypted blob is stored in our database, with an automatic expiration time. We literally cannot read your data.

One-Time Read

When your recipient opens the link, the encrypted data is fetched and immediately deleted from our servers using an atomic Redis GETDEL. The key in the URL hash decrypts the message in their browser.

Best practices for send password securely

Use a different channel than usual

If you usually text, send the link via WhatsApp or email. The link's value to an attacker is zero unless they also have the recipient's device — but defense in depth is cheap.

Pick the 1-hour TTL, not 7 days

If your recipient is reachable, 1 hour is plenty. Do not pick 7 days as a default — every additional minute the ciphertext sits in our Redis is a minute of theoretical exposure.

Tell the recipient the link only works once

Set expectations before sending. 'This link only opens once — copy the code into your password manager when it appears' prevents the common confusion of 'I tapped to preview and now it is gone.'

Rotate after the handoff if it is a reusable password

If you sent a permanent account password (vs. a one-time recovery code), change it once the recipient has done what they needed. The cost is low; the upside is a clean audit trail.

Real situations this is built for

Family member needs your account password mid-trip

Recovery codes to a trusted person

Booking confirmation login to a travel agent

You hand a one-time-use account login to a travel agent so they can complete a booking. PasteOnce, send via email, link reads once, agent completes the booking, password is rotated next day.

Frequently Asked Questions

Can I send a password to multiple people at once?

Each PasteOnce link is single-use. Create one link per recipient — it takes seconds, and it gives you per-recipient signal: if one link goes unread, you know exactly who did not receive it.

Someone tapped the link by accident and now it is gone — can I retry?

Yes, just paste the password again and create a fresh link. The previous link is dead because the ciphertext was deleted on first read; the new link is independent.

What if the recipient screenshots the password?

That is outside our control — once the password is on their screen, what they do with it is their choice. For high-value passwords, change it after the handoff so any screenshot becomes useless.

Why not WhatsApp's view once feature?