About passpass.co

A free, secure way to share passwords without leaving them exposed in emails, chats, or text messages.

The Problem

People share passwords in plain text every day — over email, Slack, text messages, and more. All it takes is one compromised inbox or chat history, and that password is exposed. It's a habit that puts everyone at risk, and it happens far too often.

How passpass.co Works

passpass.co gives you a simple, secure alternative. Here's exactly what happens when you use it:

  1. You enter a password — Type or paste the password you need to share. We encrypt it immediately using AES encryption before storing it in our database. The password is never stored in plain text.
  2. You get a unique link and PIN — We generate a one-time URL with a UUID (a long random identifier) and a separate 4-digit PIN. You share both with your recipient through whatever channel you prefer.
  3. Your recipient reveals the password — They open the link, enter the PIN, and see the password. They have 60 seconds to copy it before it's removed from the screen.
  4. The password self-destructs — After the password is revealed, it's permanently deleted from our database. Even if someone finds the link later, it's useless.

Security Details

We've designed passpass.co to minimize risk at every step:

Encrypted at rest

Passwords are encrypted with AES before being stored. We never store plain text.

HTTPS only

All traffic is encrypted in transit. The site is only accessible over HTTPS.

No linked accounts

Passwords are never associated with a username, website, or account. Even if intercepted, it's just a random string with zero context.

PIN protection

A separate 4-digit PIN is required to reveal the password. The link alone is not enough.

Brute-force protection

After 2 failed PIN attempts, the password is permanently destroyed. Rate limiting prevents rapid guessing.

Auto-expiration

Passwords are automatically destroyed 24 hours after creation, whether or not they've been viewed.

60-second reveal window

Once revealed, the password is removed from the screen after 60 seconds and deleted from our database.

No logs, no backups

We don't log passwords and don't keep database backups. Once a password is destroyed, it's gone forever.

Why It's Free

passpass.co is a free tool built and maintained by Bluejay Labs. We build it because password sharing should be safe by default, not a premium feature. It also lets people discover our other products.

Built by Bluejay Labs

We build focused web products that solve real business problems.

htmlsig.com
Email Signature Generator

Create professional email signatures for your team. Promote your brand with every email.
qrdex.io
QR Code Generator

Create dynamic QR codes with your logo. Track scans and manage campaigns from one dashboard.
businesscards.io
Digital Business Cards

A business card you keep on your phone. Share contact info instantly via Apple & Google Wallet.