Read more about how you can use SendPass to share passwords en what we do to protect your data.

What we do to keep your data secure

SendPass provides you a way to safely share your passwords. Making sure your password stays secure is of the highest importance to us, that's why we implement several security measures that keep your data and our service safe.

One-time link

The one-time link is the URL that can be used to collect a password. This is why we make sure it's unique, random and safely stored. There are more than 50-billion possible links. With brute-force protection, we try to recognize automated guessing and automatically block these attempts.

Before we store a link in our database, we hash it multiple rounds using the SHA-256 algorithm. We do this to make sure that no plain-text links can be retrieved from our database.

Recipients who lose their link will not be able to retrieve the password.

Hash one-time code
Double encrypted

Encrypted twice

All passwords are encrypted twice before they are stored in our database. Using Advanced Encryption Standard (AES-256-CBC), we first encrypt the password with a key that is a hash of the one-time code (which only the recipient and sender know). Next, we use a encryption/decryption key which is maintained and stored on the servers of SendPass.

The main benefit of encrypting twice is that, in order to decrypt a password, both keys need to be present. This means that even when somebody get access to the database, the passwords are still safe.