Skip to content

Tools & Resources

Updated June 14, 2025

Send sensitive information via insecure communications

Use 1Password whenever possible

1Password has a built-in tool to share any entry that it contains.

See How to safely share a password.

pwpush.com (aka Password Pusher) is a browser-based tool for securely sharing sensitive info like passwords, text, social security numbers, health-related data, or URLs via a secret one-time link that auto-expires. It’s designed as a safer alternative to email or chat systems.

Password Pusher takes a lifecycle-focused, privacy-first approach to sharing secrets: encrypt on upload, restrict access, auto-delete on expiry, and log everything. Whether you use the free hosted service or self‑host, it offers a secure, flexible solution far better than email or chat for sensitive data transfer.

How to use

  1. Go to https://pwpush.com.
  2. Enter the sensitive information in the large input field in the Password & Text tab.
  3. Set expiration options. We suggest 1 or 2 days, and 4-5 views.
  4. Add extra security — OPTIONAL
    • Require a passphrase to open the link (the Passphrase Lockdown field).
    • Choose to receive notifications if the link is viewed (if you create an account and login).
  5. Click Push It! and you're done!
    • The site will generate a unique link (e.g., https://pwpush.com/p/abc123), you can click on the clipboard icon to copy the link and paste it anywhere you want.
    • Send it via secure channels (e.g., chat, email, SMS).
    • If using a passphrase (Passphrase Lockdown), share that separately.
    • Once the set view limit or time is reached, the link and data are deleted permanently.

How is it safe?

  1. Create a “Push”: Sender uploads the secret (text, file, URL, QR) and sets expiration limits—e.g. time duration or view count.
  2. Unique Secret URL: System returns a link like https://pwpush.com/p/xxxxx, encrypting the content so that only someone with that link can access it.
  3. Auto-deletion: Once link is viewed enough times or expires, the content is permanently and securely deleted.
  4. Audit logs: Logged activities—creation, views, expiry, deletions—are accessible indefinitely for accounts.
  5. Encrypted storage: All sensitive data are encrypted before storage and removed upon expiration.
  6. Compartmentalization: Best practice is to send username, password, and login URL separately in distinct pushes.
  7. Passphrase lockdown: Optional passphrase requirement adds extra security and is logged.
  8. Customizable & open-source: Hosted version available, or self-host via Docker; source code under Apache‑2.0 license.

Password & passphrase generators

  1. 1Password's password/passphrase generator online
  2. useapassphrase.com

Test a password's strength

useapassphrase.com is a client-side, browser-based tool for generating secure random passphrases. It runs entirely in your browser with no data sent to servers—and suggests using passphrases (e.g., “logic finite eager ratio”) instead of complex random passwords, as they provide similar or greater security but are far easier to remember.

Here's a quick breakdown:

  1. Offline, privacy-focused: Everything runs locally in your browser; nothing is transmitted.
  2. Diceware‑style approach: You can optionally provide your own entropy source (like dice and a printed wordlist).
  3. Security vs. memorability: It compares crack times of passphrases vs. random-character passwords, demonstrating that a four-word phrase can be as secure but much easier to recall.
  4. Educational advocacy: The site also recommends following strong password practices—using a password manager, unique passphrases per site, and plenty of length and randomness.

In short, useapassphrase.com is a lightweight, secure, educational tool for creating memorable yet robust passphrases without sacrificing privacy or usability.

Has an email address been pawned?

haveibeenpwned.com is a free online service that allows users to check if their personal data (like email addresses or usernames) has been exposed in known data breaches. Created by security expert Troy Hunt, the site aggregates breach data and makes it easy for individuals and organizations to:

  1. Check exposure: See if their email or domain has appeared in any known data breaches.
  2. Monitor breaches: Sign up for notifications if future breaches include their information.
  3. Search past breaches: Browse publicly disclosed breaches to understand the scope and impact.

It’s a privacy-focused, educational tool aimed at raising awareness about data security and helping users take proactive steps to protect themselves online—without storing or exposing sensitive information.

Has a password or passphrase been pawned?

haveibeenpwned.com/passwords is a tool that lets users check whether a specific password has appeared in known data breaches.

Key Features:

  1. Password exposure checks: Enter a password to see if it has been compromised (no identity is linked).
  2. Privacy-focused: Uses k-Anonymity, so your full password is never sent to the server.
  3. Massive breach database: Contains hundreds of millions of leaked passwords from real-world data breaches.
  4. Developer-friendly API: Can be integrated into apps or websites to block unsafe passwords at sign-up or login.

It’s a simple, secure way to avoid using passwords that are already known to attackers.