I’ve been doing a lot of research recently on secure methods of password sharing. Being in IT, I have to share many passwords each day and also have passwords shared with me by clients.

My favorite so far is ZeroBin. It is no-frills, open source (so anyone can vet it), and fairly simple. It requires no database and stores nothing in one. It is as simple as downloading the components, putting them on a web server and going to the index page. That’s it. I did it on my server here and have been using it personally with no issues.

You can set messages / data to delete after a certain amount of time, from as little as 5 or 10 minutes up to 10 – 30 days.

How is this secure?

  • The text or data is compressed and encrypted inside the browser, then sent to the server already encrypted
  • The server holds the encrypted data and nothing else
  • The encryption key never leaves the browser; only the encrypted data is sent to the server. Therefore even if the server were compromised, an attacker would obtain only ciphertext and could do nothing with it
  • The encryption key is carried in the URL you share, and that is what unlocks the data

Diagram below

[ZeroBin diagram: browser-side encryption, ciphertext stored on the server, key carried in the URL]