Securely Transmit a Secret [password]
“Help, Dick, Help!” exclaimed Sally. “I lost my password”
“Look, Jane, Look,” said Dick. “I emailed you your password.”
Jane sees her password.
Everybody sees her password.
Jane is sad. Dick is sad.
Transmitting secret information, such as a password, to a user across the Internet is often mishandled. One common way is to send the password through email. While on the surface, it appears that you are only sending the email to the intended recipient, email is not a secure mechanism. It is sent as plain text, meaning that anybody with some basic knowledge can intercept it along the way. Additionally, many other people may be able to see your password.
While there are some public solutions to transmit your password through the Internet, they rely on technologies I don’t use on a regular basis. Furthermore, I can’t guarantee the security of the secret repositories. So I fired up Visual Studio and tackled this on my own using HTML5, C#, and ASP.Net. Here is the result of my work:
You are presented with a basic screen with some helpful information. You can enter a password up to 100 characters long and click the Generate URL button. This will generate a URL that you can then send to someone.
Once you generate a URL, you are presented with more options. You can either click in the URL box to have your URL automatically selected so you can copy it to your clipboard. Alternately another input box is presented where you can enter their email address and have it sent directly to them.
Once you generate a URL, it will expire after it is clicked one time or after 24 hours have passed. The password is encrypted in a back-end SQL database so that even someone with direct access to the database is unable to retrieve it.
I hope you find this tool helpful and remember not to send passwords through unsecured mediums.