What we do to keep
your data secure
SendPass provides you a way to safely share your passwords. Making sure your password stays secure is of the highest importance to us, that's why we implement several security measures that keep your data and our service safe.
Hashing the link
The one-time link is the URL that can be used to collect a password. This is why we make sure it's unique, random and safely stored. The link is client-generated.
There are more than 50-billion possible links. With brute-force protection, we try to recognize automated guessing and automatically block these attempts.
Before we store a link in our database, we hash it multiple rounds using the SHA-256 algorithm. We do this to make sure that no plain-text links can be retrieved from our database. Recipients who lose their link will therefore not be able to retrieve the password.
Double encryption
All passwords are encrypted twice before they are stored in our database.
Using Advanced Encryption Standard (AES-256-CBC), we first encrypt the password with a key that is a hash of the one-time code (which only the recipient and sender have access to).
Next, we use a encryption/decryption key which is maintained and stored on the servers of SendPass. The main benefit of encrypting twice is that, in order to decrypt a password, both keys need to be present. This means that even when somebody get access to the database, the passwords are still safe.
SendPass for Business
Use SendPass for Business to provide passwords to users and clients and apply company branding to increase trust and professionalism.