Using passwords is the fundamental way to keep all our physical and intellectual property safe. Sometimes passwords need to be shared with other users. But passwords must always remain secure.
One way of sharing the password is to tell the other person verbally. But if you want to share passwords over the Internet, certain precautions must be taken to share passwords securely.
The secure password best practice is to use a random password generator and not use one password in two or more places.
Password Pusher and Heroku can be used to share passwords securely over the Internet. You can customize the expiry time and view count of the shared password.
Let us dig further into the details of what these are and how they can be used to share passwords over the internet securely.
Password Pusher is an online website that lets you share your password through a generated link that can only be viewed for a set number of times, for a set number of days. After that, the link automatically expires, and the password is no longer accessible.
What you do is visit the website, enter the password that you want to share, set the sliders below to configure the number of views and the number of days before the link expires (whichever comes first), and then click Push it! Note that if you share the password through apps like Microsoft Teams or Skype, set the minimum views to 2. This is because one view is counted when the app adds the preview to the shared link.
You shall then be presented with a link that you may share with the person you want to share your password with. They can then access this link to look at the password through any web browser.
Once the link has been accessed after the set number of days or more times than permitted, anyone accessing the link will be prompted with the following:
Although the method for password sharing is secure, the website might not be. We cannot trust the owner of the website not to store a copy of our passwords. Therefore, we shall be using our own version of Password Pusher, of which we have complete control over, assuring us that our password(s) are indeed protected.
Heroku is a cloud-based provider that takes care of the server, and any user can deploy their application(s) there. It is also free to use for miniature applications that do not take up a lot of space. This cloud platform is the perfect infrastructure to host your own version of Password Pusher.
Thankfully, the creator of Password Pusher was kind enough to create a template of Password Pusher on Heroku so that we would not have to configure it ourselves. We can configure the settings, deploy the application with complete control, and then enter the password to be shared. The self-deployed website will then provide us with a link against the password, which can be shared with any person, like in the original Password Pusher website.
Now that we have gone through the concept, let us begin deploying our very own Password Pusher and then generate a link.
- First, you need to signup on Heroku and create an account or simply login if you already have one. If you’re signing up, fill in the form and click Create free account.
- You will now be prompted to verify your email address. Go to your email, open the from Heroku and click on the link to activate your account.
- You will now be rerouted to another page. Here, enter and confirm the new password for Heroku, and then click Set password and login.
- Once you’re logged in, go to the deployment template for Password Pusher and enter the App name. Note that this name needs to be unique.
- Now continue down the page and modify any fields you wish to alter. The following options are critical and need to be managed by you:
- Expire_after_days_default: Expiration days for link after generating it.
- Expire_after_days_max: Maximum expiration days for link after generating it.
- Expire_after_views_default: The number of times the password can be view through the link before it expires
- Payload_initial_text: The password you want to share
Once done, click on Deploy app.
- The application will now start deploying itself on the Heroku cloud. This step might take a few minutes to compile and execute the app. Once it is done, you will be presented with something like the one below:
This means that the application has been deployed successfully. You may now click on Manage app to change any configurations you had made or click on View to access the application interface. However, we encountered an error with the View button as it was not responding. The application was still accessible through the Manage app button and then clicking on Open app.
Now you can generate a link for the entered password through the self-deployed Password Pusher, the same as on the original website. The configurations for the link can also be altered from here.
It is reasonable to not go through all this hassle and share a password with someone over a messaging app, such as WhatsApp, and then delete the text later. However, you are still taking the risk of uploading your password to a third-party database that is not in your control.
Sharing passwords through the combination of Password Pusher and Heroku has made the task much more reliable. Neither would it be exposed to any third-party database, nor would it remain active any longer than you want it to!
Editor’s note: Using password managers like Lastpass and 1passwords can also be useful to not only share passwords but synchronize shared passwords across your family members or colleagues.