Securely Send and Receive Passwords

To securely send a one-time password.

The following is based upon SnapPass (https://github.com/pinterest/snappass) and we host it on a dedicated Web Server. It allows passwords to be sent securely as opposed to sending them via email. Once the recipient receives the email, they can only view it once and if not viewed, the URL will expire after 1 week, 1 day or 1 hour.

The service is totally free to use for either business or personal use.

It is also useful in situations when someone is sending you a password. Because the process is so simple you can just direct them to the URL and ask them to generate a link and send it to you. Much more secure than them emailing you the password.

‍

To send a secure password

Start a web browser and go to the following URL – https://secure.intersect.co.uk

Which displays this page.

‍

‍

Enter the password in the box and optionally change the expiry date on the URL. The default expiry time of a URL that has not been viewed is 1 week. This can be reduced to 1 day or 1 hour.

‍

‍

Clicking on the Generate URL button will generate a URL link like below which you can then email to the intended recipient.

‍

Viewing the password

Once the recipient receives the link that you have sent, it will take them to a browser screen which looks like this…

Clicking on the Reveal secret button shows the password.

Clicking on the Blue button copies the password to the computer’s clipboard.

Once the password has been revealed the link will no longer work and if it is clicked on again it will display the following message.

‍

About SnapPass (from the developers)

SnapPass is open source software which was created and is maintained by a development team at Pinterest. This is what they say about the software

It’s like SnapChat… for passwords.

This is a web app that lets you share passwords securely.

Let’s say you have a password. You want to give it to your coworker, Jane. You could email it to her, but then it’s in her email, which might be backed up, and probably is in some storage device controlled by the NSA.

You could send it to her over chat, but chances are Jane logs all her messages because she uses Google Hangouts Chat, and Google Hangouts Chat might log everything.

You could write it down, but you can’t find a pen, and there’s way too many characters because your security person, Paul, is paranoid.

So we built SnapPass. It’s not that complicated, it does one thing. If Jane gets a link to the password and never looks at it, the password goes away. If the NSA gets a hold of the link, and they look at the password… well they have the password. Also, Jane can’t get the password, but now Jane knows that not only is someone looking in her email, they are clicking on links.

Anyway, this took us very little time to write, but we figure we’d save you the trouble of writing it yourself, because maybe you are busy and have other things to do. Enjoy.

Security

Passwords are encrypted using Fernet symmetric encryption, from the cryptography library. A random unique key is generated for each password, and is never stored; it is rather sent as part of the password link. This means that even if someone has access to the Redis store, the passwords are still safe.

‍

‍