Show HN: Temp.pw

  • This is so, utterly, unspeakably, NOT a good idea to use.

    You're trusting a third-party server with the plaintext of an actual secret. This violates nearly every principle of good modern security.

    If the author had somehow built and documented (and proved) a true zero-trust model that enables this kind of interaction, then that might be cool. But that is not this. For all we know, the author (or an insider threat working at AWS) is collecting these passwords into a database for crackers to try first before proceeding to cracking password hashes.

    There are so many other ways to do this. E2E encrypted messaging with disappearing messages (Signal) is the bare minimum. Keybase messages (also E2EE) are also a semi-decent option. 1Password password sharing is a decent usability step up from those. For all three of these options, barring a compromise of the (carefully guarded) process for shipping frontend code to users, the security design guarantees no visibility to a third party, and they have white papers that go into great depth to explain why.
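As an added illustration of the distinction drawn above (this is not code from temp.pw or from the commenter), assuming a toy in-memory dictionary as a stand-in for the service's storage: the plaintext model leaves the secret readable by whoever operates the server, while client-side encryption with the key carried in the URL fragment, which browsers never send to the server, leaves the server holding only ciphertext and a one-time token.

```python
"""Contrast of a plaintext sharing link with a client-side-encrypted one.
Stdlib only; the cipher is a one-time pad plus HMAC tag, which is sound
only because each pad is random, used once and as long as the secret."""
import hashlib
import hmac
import secrets

# Constructed stand-in for the service's database: token -> stored record.
STORE = {}


def server_put(record):
    """What a sharing server sees and keeps: whatever the client uploads."""
    token = secrets.token_urlsafe(16)
    STORE[token] = record
    return token


def server_get_once(token):
    """One-time link: the record is deleted on first retrieval."""
    return STORE.pop(token, None)


def share_plaintext(secret):
    """Naive model: the operator (or an insider) can read every secret."""
    return server_put(secret.encode())


def share_encrypted(secret):
    """Zero-knowledge model: keys live after '#', which never reaches the
    server, so STORE holds only ciphertext and an integrity tag."""
    data = secret.encode()
    pad = secrets.token_bytes(len(data))  # one-time key, never reused
    mac_key = secrets.token_bytes(32)
    ct = bytes(a ^ b for a, b in zip(data, pad))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()  # encrypt-then-MAC
    token = server_put(ct + tag)
    return f"https://example.invalid/s/{token}#{(pad + mac_key).hex()}"


def open_encrypted(link):
    """Recipient side: fetch the record once, verify the tag, strip the pad."""
    path, frag = link.split("#", 1)
    record = server_get_once(path.rsplit("/", 1)[1])
    if record is None:
        return None  # already read or expired
    keys = bytes.fromhex(frag)
    pad, mac_key = keys[:-32], keys[-32:]
    ct, tag = record[:-32], record[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # record was altered on the server
    return bytes(a ^ b for a, b in zip(ct, pad)).decode()
```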

  • This is pretty light on features and details.

    When the use case comes up, I like to use https://github.com/pglombardo/PasswordPusher (online version here https://pwpush.com/), which has generation, a customizable number of visits, and a handful of other features.

  • Why is the Share button greyed out, but clickable? Did you vibe code this? (Those are two distinct questions, but yes, I was low-balling the effort that went into this web app.)

  • A fun side project I guess, but I would never trust this for anything. Why would I use this instead of an actual password manager that has password sharing functionality? That also would not save a pw in chat history and has the added benefits of real security and not being some random site.

  • Why does the "share" button upload the password to your server in plaintext?

  • I just use my password manager.

    https://support.1password.com/share-items/

  • This generates a random password that can be shared via a one-time link. Why? What is the situation where this would be used?

  • Nice try, Satan.

  • Solves a common problem. Assuming there's a real CRNG generating them, the links expire in a short window, they aren't logged, and the hashes aren't computed for a commercial rainbow table, what are the specific security objections to this?

    It's like a vault secret without the authn friction.

  • Feedback: Input box gives zero clue that it is editable. Share button looks like a disabled button.

  • Nice work. I've used https://onetimesecret.com/ for this kind of thing for several years.

  • Honeypot?

  • openssl rand -base64 12