At some point everyone has to share a password. The Wi-Fi code for the flat. A streaming login with family. A work account handed to a colleague. The bank details for a one-off payment.
And almost everyone does it the same way: they text it, email it, or drop it into a chat. It works, but it leaves a copy of that password sitting in someone else's inbox or message history, indefinitely.
Why texting or emailing a password is risky
The problem isn't the moment you send it. It's everything that happens afterwards.
- It never goes away. A password in a text thread or email stays there for years. If that phone or account is ever lost, sold, or breached, the password goes with it.
- It gets forwarded. People copy and paste. A password you sent to one person can end up in three other places without you ever knowing.
- It's searchable. Anyone with access to the inbox can search "password" or "login" and pull up everything you've ever shared.
- It's backed up. Most messages and emails are synced to the cloud automatically. Your password is now sitting on a server too.
None of this matters until it does. The point of sharing a password securely is that you stop having to trust every future event you can't control.
The secure way: a link that self-destructs
The better approach is to never send the password itself. Instead, you send a link to it — and that link stops working once it's been opened.
Here's how it works in practice:
- You put the password into a service that encrypts it and gives you back a one-time link.
- You send the person the link, the same way you'd send anything else.
- They open it once and read the password.
- The link self-destructs. Anyone who finds it later — in the message history, in a backup, over their shoulder — sees nothing.
The key difference: a texted password is permanent. A self-destructing link exists only for the few seconds it takes the right person to read it, then it's gone for good.
Add a passcode for anything really sensitive
For most things, a one-time link is enough. For genuinely sensitive credentials — a bank login, a work admin account — you can add a second layer: a passcode on the link itself.
The trick is to send the link and the passcode through two different channels. Email the link, then text the passcode. Now even if one channel is compromised, the password stays safe — whoever intercepts the link still can't open it.
What to look for in a secure sharing tool
- Encryption at rest — the password should be encrypted on the server, not stored in plain text.
- One-time or expiring links — the link should stop working after it's read, or after a time limit you set.
- Optional passcode — a second factor for the things that matter most.
- A read notification — so you know the right person opened it, and roughly when.
- No account required for the recipient — they shouldn't have to sign up to anything just to read what you sent.
A simple rule to follow
If you wouldn't be comfortable with a password appearing on a billboard in five years, don't put it somewhere permanent today. A text thread is permanent. A self-destructing link isn't.
Privify Send creates an encrypted, self-destructing link for any password or private note. Set it to delete after one read or after a time limit, lock it with a passcode, and get an email when it's opened. It's included with every Privify plan. Get started from £1.99/month →
The bottom line
Sharing a password is unavoidable. Leaving a permanent copy of it in someone's inbox isn't. A link that self-destructs after it's read gives you the convenience of sending a message with none of the long tail of risk — the password is seen once by the person who needs it, and then it simply stops existing.
Share it with Privify Send
Create an encrypted link that deletes itself once it's been read. Add a passcode, set an expiry, and get notified when it's opened.
Get started — from £1.99/month →