Send text securely

Passwords are sent as an expiring encryted package that can only be read once.

• The password is encrypted in-browser using 2 related tokens issued by the server (the encrypted password is never sent to the server).
• A shareable URL is generated with the encrypted password package as a hash parameter (so it isn't sent to any server) and the first of the two tokens as a query.
• Once the link is shared with the recipient and they open it a request is made to the token server with the one token from the parameter. This retrieves the second token from the token server and the token pair is used to decrypt the password.
• When the second token is requested both tokens are deleted from the server meaning the encrypted password can only be decrypted once.