About

Read more about how you can use SendPass to share passwords en what we do to protect your data.

What we do to keep your data secure

SendPass provides you a way to safely share your passwords. Making sure your password stays secure is of the highest importance to us, that's why we implement several security measures that keep your data and our service safe.
Hash one-time code

One-time code

The one-time code is the key for collecting a password, that's why we make sure it's unique, random and safely stored. There are more than 1.8 billion possible code-combinations. With brute-force protection, we try to recognize automated guessing and automatically block these attempts.

Before we store your one-time code in our database, we hash it multiple rounds using the SHA-256 algorithm. We do this to make sure that no plain-text one-time codes can be retrieved from our database.

Recipients who lose their one-time code will not be able to retrieve the password.

Hash one-time code
Double encrypted

Encrypted twice

All passwords are encrypted twice before they are stored in our database. Using Advanced Encryption Standard (AES-256-CBC), we first encrypt the password with a key that is a hash of the one-time code (which only the recipient and sender know). Next, we use a encryption/decryption key which is maintained and stored on the servers of SendPass.

The main benefit of encrypting twice is that, in order to decrypt a password, both keys need to be present. This means that even when somebody get access to the database, the passwords are still safe.