Secure Send

Securely send passwords or sensitive data

Would you recommend this product?
No reviews yet
How does this work? I'm concerned about the design of this solution, given that it's privy to passwords and things that need to be treated far more securely than normal messages. Are the messages stored on a server and later retrieved by the recipient? How does the encryption work? How do you ensure that third-parties can't access the information? Can server admins access the messages sent?
@theleoji We are addressing these issues through the separation of duties. Where no one person has access to the data and the associated encryption keys. We are also looking into some other options for people that might want to use a different workflow and their own key pair.
App uses two-factor authentication to make sure that the intended recipient is the only one who can read the message.
Securely send what now? ;)
@jondcallahan haha what do you mean ;)
@jondcallahan the problem we're trying to solve is sending something sensitive to a co-worker, family, or friends. For me this recently arose when I wanted to send my mom a password that I'd set for her cable account. I didn't want to just email it to her and doing it over the phone was difficult because it was a fairly complex password. Any feedback is appreciated. Our goal is to build something that's useful and integrates well with how we all work these days.
@jondcallahan I think I'm seeing what you are. the home feed shows "passwords" but without the "p"
@thejeremycarson @karlhills @bentossell Looks like the typo has been fixed now hahah
@jondcallahan That would be a totally different product :)
Been pretty happy with Dashlane for this purpose. Why is this better?
@livejamie I've run into some cases that require me to send data that isn't necessarily a username/password scenario. That's the most common situation, but other use cases might be less login related and more sensitive in a personal way. I can also see the need to send a document to someone in a secure fashion, which is something we've been thinking about for this service.
I was thinking about building such a product by myself for years because it eases a big pain that especially businesses have when they need to send passwords to their employees. In my early concepts I always struggled with the issue that the user can not trust the sending service to secure the message and to really destroy it as promised. My solution would have been client-side encryption and maybe an open source client or server. In the end I always went with sending the first part of a password over Slack DM and the second part as email through Gmail because I trust the security teams at Google and Slack more than the security team of a very small startup and distributing a split secret over different channels makes things more secure. But maybe I misunderstood your concept and you solved the trust issue. You not being able to see the unencrypted secret is the key and I think no one solved it, yet.
@skreutzb I agree that one of the major hurdles is trust. Another hurdle is making it easy to use for non-technical individuals that might not understand asymmetric keys, which would be something many technical users would be comfortable using.