Proton Pass now allows you to securely and easily share expiring links to your credit cards, logins, and notes.
from the team:
Hi everyone,
Thanks to your ongoing feedback, we’re pleased to introduce Secure Link Sharing in Proton Pass for all Proton Pass paid plans.
You asked for a simpler way to share a single item, like streaming passwords, family notes, and credit cards, and now you can! Complete with a configurable expiry.
Easy as copy and paste: Easily generate, update, or delete secure links with just a few clicks in any app.
You’re in control: Set an expiration date for the link (from one hour to 30 days) or limit the number of accesses.
Encrypted at all times: Secure links are end-to-end encrypted, ensuring only you and the people you share with can access your data.
This feature is rolling out progressively to all users on paid plans, starting first with Lifetime, Visionary, and Unlimited users. It will be available to everyone in the coming days.
Unfortunately, in most cases people share these sensitive items using methods that are inconvenient and not secure, such as text message or email. This makes it difficult to restrict access in the future, and whenever you update your password or other item details, you have to resend the information.
Imagine I send my friend a password for something. If I put the password in a text message, it will probably still be sitting in their text messages for the next several years. A copy of the password will be on their phone, their text provider's servers, and maybe various middlemen servers, I don't know. That information could be accessed by a hacker, rogue employee, or third person who is using the friends device (or a court!) not just when it's sent, but years in the future.
If I send a link like this proton one, the link itself will have the same problems as a plaintext password would. The difference is that I, the user, retain control over whether that link leads to anything. I can turn off the link so even though some adversary has it, it's useless to them.
What this does not protect against is if the intended recipient misuses the sensitive information, but that's a different problem.