Encryption
Secure Password Exchange
Published on January 24, 2026 by Vizava.pro
Don't send passwords through email or Slack anymore. Use temporary, client-side encryption to send secrets that will be deleted.
This happens in offices thousands of times a day. A coworker sends you a message on Slack that says, "Hey, can you send me the login for the marketing dashboard?"
You copy your boss's password without thinking, paste it into the chat window, and hit enter. You have compromised the credential in that split second. The password you used (Tr0ub4dor&3) was very hard to guess, but you just put it in a log file that will always be available on a third-party server.
This guide talks about why "convenient" sharing is bad for security and how to use Vizava's Bunker to set up a Zero-Knowledge dead drop for important passwords.
The Persistence Problem
Retention is the main problem with email, Slack, Discord, and SMS. These platforms are meant to keep track of history. They put every word in an index so you can find it. When you send a password by email, it is stored in four places right away:
1. The folder called "Sent."
2. The "Inbox" of the person who got it.
3. The logs of your email provider's server.
4. The server logs of the email provider of the person who got the email.
Backups and archives often last for years, even if you delete the email later. That password is visible in plain text if that email account is ever hacked, even ten years from now.
The "Context" Attack:
When hackers get into corporate Slack workspaces, they often run simple scripts that look for words like "password," "login," "creds," or "AWS key." When you paste a password into chat, you are giving future intruders the keys.
The Ephemeral Solution
The answer to the problem of persistence is ephemerality. A secret should only last as long as it takes to pass it on, and then it should be gone. People often call this idea a "Dead Drop."
Vizava does this through The Bunker. You send a link to a secure, encrypted vault instead of the password itself.
Encrypted: Client-Side (AES-256)
Life Span: 1 Read or 24 Hours
Knowledge: Zero (Server Blind)
The data is cryptographically shredded as soon as the person who got it clicks the link and sees the password. If they (or a hacker) try to click the link again, it gives them a 404 error. The secret is gone.
Deep Dive: Zero Knowledge Architecture
A lot of "secure link" services don't work right because the server makes the link and keeps the key. Your secrets are out if that service is hacked or subpoenaed. The architecture of Vizava is Host-Proof.
1. Encryption Happens LOCALLY
When you enter a password into Vizava's Bunker, your browser makes a random encryption key. It encrypts your text with AES-256-GCM using the Web Crypto API. This happens before any requests are made to the network.
2. The Server is Blind
Your browser sends the encrypted text to our database. We store only this ciphertext, which looks like a bunch of random letters. We don't get the key. We can't read your secret even if we wanted to.
3. The Decryption Key
You (the sender) can see the key. You have to give this key to the person who needs it.
Encryption Flow (JS Logic)
// 1. The user types in "MySecretPassword"
// 2. The browser makes a key: "8x9d8f..."
// 3. Browser Encrypts: "MySecretPassword" + "8x9d8f..." -> "a7b2c9..."
// 4. The browser sends the server only "a7b2c9..."
// 5. The user copies the key "8x9d8f..." to the clipboard.
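The flow above, together with the one-read behaviour described earlier, as an added example that is not Vizava's code: `sealSecret`, `openSecret` and `BlindStore` are hypothetical names, and the in-memory store is an assumed stand-in for the server. It uses the Web Crypto API as found in browsers and recent Node.js.

```javascript
// Added illustration, not Vizava's code; every name here is hypothetical.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const { subtle } = webcrypto;

// Sender's browser: a fresh AES-256-GCM key and 96-bit IV for each secret.
async function sealSecret(plaintext) {
  const key = await subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const data = new TextEncoder().encode(plaintext);
  const ciphertext = new Uint8Array(await subtle.encrypt({ name: "AES-GCM", iv }, key, data));
  const { k } = await subtle.exportKey("jwk", key); // base64url key material
  return { forServer: { iv, ciphertext }, keyForRecipient: k };
}

// Stand-in for the server: holds only IV and ciphertext, deletes on first read.
class BlindStore {
  #vaults = new Map();
  put(record) {
    const id = webcrypto.randomUUID();
    this.#vaults.set(id, record);
    return id;
  }
  takeOnce(id) {
    const record = this.#vaults.get(id) ?? null; // null plays the role of the 404
    this.#vaults.delete(id);
    return record;
  }
}

// Recipient's browser: rebuild the key from the out-of-band string and decrypt.
// decrypt() rejects if the key is wrong or the ciphertext was modified (GCM tag).
async function openSecret(record, k) {
  const jwk = { kty: "oct", k, alg: "A256GCM" };
  const key = await subtle.importKey("jwk", jwk, { name: "AES-GCM" }, false, ["decrypt"]);
  const plain = await subtle.decrypt({ name: "AES-GCM", iv: record.iv }, key, record.ciphertext);
  return new TextDecoder().decode(plain);
}

async function demo() {
  const store = new BlindStore();
  const { forServer, keyForRecipient } = await sealSecret("MySecretPassword"); // constructed sample
  const id = store.put(forServer); // only IV and ciphertext cross the network
  const first = await openSecret(store.takeOnce(id), keyForRecipient);
  const second = store.takeOnce(id); // vault already burned
  return { first, second };
}

demo().then((result) => console.log(result));
```

Because the key never enters `BlindStore`, a copy of the store alone is not enough to recover the secret, which is what makes sending the link and the key over separate channels meaningful.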
Workflow: Step-by-Step Guide
This is the best way to share a high-value credential, such as a root database password, with Vizava.
Step 1: The Bunker
Open the Vizava Suite and go to The Bunker mode. Put your secret in the text box.
Step 2: Burn Settings
Turn on "Burn Immediately." This makes sure that the database entry is permanently deleted as soon as the link is clicked on. This stops "replay attacks," in which a hacker could look at your browser history to find the link later.
Step 3: Generate & Split
Press "Encrypt." You will be given two pieces of information:
1. The Link (where the encrypted vault is)
2. The Password (the key to open the vault)
Step 4: Out-of-Band Transmission
Send these two pieces of information through different channels for the best security.
For example: Send your coworker the Link by email. Send the Password through SMS, Signal, or Slack.
This method, called "Out-of-Band" verification, makes sure that even if someone hacks into your email, they can't open the vault because they don't have the key that was sent via Slack.
Security Comparison
How does Vizava stack up against other popular ways to share secrets?
Method: Plain Text (Email/Slack). Security: POOR
Method: Password Protected PDF. Security: MEDIUM
Method: Vizava Bunker. Security: HIGH
Plain text: Not a good choice for passwords. Persistent logs pose an indefinite risk.
Password Protected Zip/PDF: Better, but a pain. The person receiving it has to download a file. The file stays in their "Downloads" folder forever, and if the password is weak, it can be easily broken into.
Vizava Bunker: Better because it doesn't last long. The secret disappears once it has been read. There is no file in the "Downloads" folder. There is no record in an email chain. The liability ends right away.