A translucent envelope closed with a red wax seal, a brass key sealed beneath it
Security Guide
June 2026

How to Send a Password Without Putting It in an Email

Sometimes you need to hand someone a password, a login, or a reference number. Email is the obvious way and the wrong one. Here is the safer way, and when it is worth the bother.

FS
FileSeal Security Team
· 5 min read

The Short Version

An emailed password sits in two inboxes until someone deletes it, which is to say forever. A secure note hands the same text over through a one-time encrypted link: the recipient reads it once, and it deletes itself. Keep it zero-knowledge and the key never reaches us, so not even FileSeal can read the note.

1

Why Email Is the Wrong Tool

Say a client needs the password to a shared folder, or a new starter needs their first login, or you have to pass on a reference number for an account. The quickest thing is to type it into an email. The trouble is what happens next. That email is copied onto every mail server between you and them, then it lands in their inbox and a copy stays in your sent folder. Nobody ever goes back and deletes it.

So the password is now in at least two accounts, indefinitely. If either inbox is ever breached, or a laptop is left unlocked, or the account is simply still logged in on an old phone, the password is right there to read. Text messages and chat apps are a little better but not much: the message still sits in the thread on both devices and in whatever backup the app makes.

The problem is not that email is unencrypted in transit, though often it is. The problem is that email is built to keep things. A password is the one thing you want to disappear the moment it has been read.

2

What a Secure Note Does Instead

A secure note is the same short piece of text, sent a different way. In FileSeal you open the send window, switch from sending files to sending a note, and type it in. You get back a link. When the recipient opens that link the note appears once, and then it is gone: the link stops working and the note is wiped from storage. If they never open it, it expires and is deleted anyway.

The text is encrypted with AES-256 in your browser before it leaves your device, so it crosses the internet and sits in storage as scrambled data rather than a readable password. There is one copy, it opens once, and it does not linger. That is the whole idea.

One-time means one time

Because the note can be opened only once, a misclick can use it up. If the recipient opens the link, glances away, and the note has already cleared, it is gone and you will need to send a fresh one. That is the price of it not hanging around. Send the link to the right person, and tell them to have it open when they are ready to read.

Secure your practice

Send a Secure Note Free

Create a free FileSeal account and send your first encrypted, one-time note. Your first five sends are free, no card required.

Start Free
3

Share the Link, or Have Us Email It

There are two ways to get the link to your recipient, and they make a real difference to who can read the note.

Get a link (Most private)

The key that unlocks the note lives inside the link, in a part of the web address that browsers never send to a server. We store a scrambled note we cannot open. You pass the link on yourself, by message, by phone, however you like.

Email them (Easiest)

We email the recipient a working one-time link. To make that link open on its own, we hold the key, so in this mode FileSeal can read the note. It is still encrypted, one-time, and self-deleting, just not private from us.

For an actual password, ‘Get a link’ is the one to reach for, and share the link over a different channel than wherever the account lives. We pull the two options apart in more detail in this guide to Get a link versus Email them.

4

When a Note Beats a File

FileSeal started as a way to send and collect documents, and most of the time a file is what you want. A note is for the cases where putting the text in a document would be silly: a password, a one-off login, a reference or account number, a short instruction with a date of birth in it. Things that are a sentence long and would be a liability in an inbox.

If you are sending a contract or a statement, send a file. If you are sending the username and password someone needs to log in, send a note and let it delete itself. Same encryption, same one-time link, less to clean up.

Stop Emailing Things That Should Disappear

Create a free FileSeal account and send an encrypted, one-time note in under a minute. Choose 'Get a link' to keep it zero-knowledge, or have us email the link for you.

FS
FileSeal Security Team

Written by the FileSeal security and compliance team. We specialise in document security, GDPR compliance, and data protection for UK professionals. Our guides are reviewed by industry practitioners and updated regularly.

🔒 Document Security Specialists🇬🇧 UK-based