SecurityJanuary 2026 • 2 min read

One-time secret links: secure password sharing

Need to send a password to a client or coworker? Don't use email or Slack.One-time secret links let you share credentials securely—the link self-destructs after viewing.

Why Regular Messaging Is Dangerous

Passwords sent via email sit in inboxes forever. Slack messages are searchable by anyone in the workspace. Screenshots happen. Accounts get compromised. Every password you send in plain text is a security incident waiting to happen.

How one-time links work

1
You enter the secret — Password, API key, credentials, or any sensitive text
2
System generates a unique link — Secret is encrypted and stored temporarily
3
You share the link — Via any channel (email, Slack, text—it's just a link)
4
Recipient opens link — Secret is displayed and immediately deleted
5
Link expires — Can never be used again (even by you)

Why this is more secure

One View Only

The secret can only be viewed once. If someone intercepts the link, the legitimate recipient won't be able to view it—alerting you to compromise.

Time-Limited

Links expire after a set time (usually 24 hours) even if never viewed. No forgotten passwords sitting in links forever.

Encrypted Storage

The secret is encrypted at rest. Even if the database were compromised, the actual passwords remain protected.

No Storage History

Unlike email or chat, there's no permanent record. Once viewed, the secret is gone from the system entirely.

When to use one-time links

Sharing login credentials with new team members
Sending API keys or service credentials to developers
Providing WiFi passwords to guests or contractors
Sharing temporary access codes
Sending any sensitive information that shouldn't persist

Share secrets securely

BBos password vault includes one-time secret link generation.

No credit card required • Full access to all features • Cancel anytime