SafePass is an application to communicate passwords or any other sensitive information over the web. It generates links that expire after a certain number of views or time has passed.
One of our core values at Fisheye is sharing our knowledge. So often we see people sending passwords using insecure methods. We decided it was about time to come up with a FREE service, available to EVERYONE, that would allow users to share secrets easily and in a secure way.
Yes, SafePass is free and available to everyone at www.safepass.nz
We take cybersecurity very seriously and strongly believe that user mistakes are the most common cause of attacks. We wanted to make sure there are no excuses why anyone should keep sending sensitive data insecurely after hearing about SafePass.
Absolutely not, but of course passwords are the first thing that comes to mind when thinking about sensitive data. You can use SafePass to securely share other things like credit card details, your super-safe-vault’s combination, or a love message to your significant other.
In fact, we’re keen to hear what other people might be finding it useful for so feel free to share your ideas at firstname.lastname@example.org
Yes, SafePass is FREE (have we already said that?) and available to EVERYONE. We not only encourage you to use it… we’d also appreciate if you spread the word and tell your colleagues, friends and family how SafePass has entirely changed your life and how much better you’re sleeping at night since you started using it!
We do our best to keep our clients and the community safe and secure, but we’re not reinventing the wheel here. SafePass is powered by pwpush, a free open source project written by Peter Giacomo Lombardo.
If you’re interested in finding out more about why you should be using SafePass instead of other methods to send sensitive information, you can continue to read below, otherwise just tell your friends and family how great SafePass is, and please make sure to not send another password using email ever again!
Whenever you have to send something confidential to a colleague or friend, you don’t want that information to persist indefinitely. Depending on how you choose to transmit that information, it could potentially sit around forever and be exploited by others long after you’ve forgotten what you’ve sent.
Most people immediately think of email or one of the many chat systems as a method for sending information. Email has some inherent security drawbacks, some of which are not that evident:
1. Email is inherently insecure and can be intercepted at multiple points of delivery by malicious entitities.
2. Emailed passwords are usually sent with context to what they go to which is equivalent to a free tip to any malicious entities.
3. The email addresses and headers can give a clue to what the password may go to (such as company or corporation).
4. Emailed passwords live in perpetuity (read: forever) in email archives.
5. Passwords in email can be retrieved and used months or years later if an email account is eventually compromised.
6. After an email is sent, you have zero control on the where, when and how long that email will exist for.
As for chat systems, some are more secure than others, but regardless, all of them have some drawbacks as well:
1. A compromised account can access sensitive information posted months or years ago
2. Companies and organizations are often required by law to maintain chat logs for some period of time.
3. Chat systems leave a local cache on devices that can often be accessed outside of the chat software.
So given all of the complexities and drawbacks above, what would be the ideal solution?
The best case scenario for transmitting a secure password would have the following features:
1. The location of the password would be secret and known only to you and whom you communicate it to.
2. The password would be stored encrypted and if transmitted, over an encrypted line (HTTPS).
3. If left untouched, the password would automatically expire and delete itself after a number of views or days has passed.
4. The end user can delete the password as acknowledgement once they successfully retrieve it.
5. You could manually delete the password entirely yourself at anytime.
SafePass is a solution to solve issues with the sharing of credentials. We’re confident it’s the best solution to communicate passwords securely.
With SafePass, the password is stored at a secret URL which then expires after a certain number of views or days (whichever occurs first).
Here are some of the highlights:
1. Passwords expire after a number of views or days
2. Pushed passwords are stored encrypted
3. Location of the password is secret and known only to you and who you communicate it to.
4. The end user can delete the password as acknowledgement once they successfully receive it.
5. Optional 1-click preliminary retrieval step to avoid URL scanners
Hopefully all of the above is enough for anyone reading it to stop using insecure methods to send credentials over the internet...
Thank you for using SafePass and spreading the word!