Disposable link for temporarily sharing passwords

I frequently find that I need to share a PW with clients or users, but obviously don’t want to send this as clear text in an e-mail.

How about integrating a feature into BW that would allow for users to generate a temporary disposable URL link that contains the password for limited viewing. Much like:
https://onetimesecret.com/
or
https://fugacio.us/

onetimesecret has a much smoother interface, but fugacious is open source (but they seem to have let their SSL cert expire) and allows for variable number of access times and longer life duration.

This would also be a means of promoting BW as recipients would get a link that would feature BW as a secure PW management tool.

This would be fantastic!

1 Like

This would be useful.
But how would it be secure?
It would probably be a good idea to get the person who shared the password to change it after the share expires?

One example, we got a solar energy consultant to quote us on an expansion of our solar power system and he asked for the login to view our generation stats. The web portal doesn’t provide the ability to export the stats, you have to go view them online, it also only has a single user, no ability to add secondary logins for other users.

We already use Bitwarden to share that login amongst the team who needs access to that information.

There’s no harm that can come from him going there, and I want him to have the info, but I don’t want him to have to install Bitwarden and sign up and then create an organisation and create a collection and have him accept the invite and then approve the acceptance and then share it with him on a permanent basis.

I just want him to have access to it through a link a few times for a week or so, and then when he’s done, I want to be reminded to go change that to something secure again.

Obviously anyone with access to his email or access to that link (perhaps he shares it) will be able to view the login information. - so I don’t see this being a secure feature, it’s more of a simple convenience with a thin layer of security in that the actual password isn’t in clear text in any emails, and won’t be there FOREVER incase his or my email - or backups of that email - is ever compromised.

So to me, in this scenario the reminder to change the details after the share expires is a critical feature.

1 Like

Privatebin.info is a better implementation of onetimesecret and fugacio.us
Both of these use Server-Side encryption, which means the server receives it in plaintext at some point.

instead, Privatebin encrypts the secret client-side and stores the encrypted data on the server. it uses the # (shard) in an url to make the decryption key only available clientside, without having to send it to a remote server. The only downside to this is the requirement of JavaScript to decrypt the content

1 Like

as a user i want to share secrets or notes.
i want to have the possibility to set a view-count and an expiration time (in 12h for ex.) of the sharing period.
optionally a possibility to set a pin code.

after the sharing period i want to receive a notification in BW to change my secret.