Imagine I send my friend a password for something. If I put the password in a text message, it will probably still be sitting in their text messages for the next several years. A copy of the password will be on their phone, their text provider’s servers, and maybe various middlemen servers, I don’t know. That information could be accessed by a hacker, rogue employee, or third person who is using the friends device (or a court!) not just when it’s sent, but years in the future.
If I send a link like this proton one, the link itself will have the same problems as a plaintext password would. The difference is that I, the user, retain control over whether that link leads to anything. I can turn off the link so even though some adversary has it, it’s useless to them.
What this does not protect against is if the intended recipient misuses the sensitive information, but that’s a different problem.
Imagine I send my friend a password for something. If I put the password in a text message, it will probably still be sitting in their text messages for the next several years. A copy of the password will be on their phone, their text provider’s servers, and maybe various middlemen servers, I don’t know. That information could be accessed by a hacker, rogue employee, or third person who is using the friends device (or a court!) not just when it’s sent, but years in the future.
If I send a link like this proton one, the link itself will have the same problems as a plaintext password would. The difference is that I, the user, retain control over whether that link leads to anything. I can turn off the link so even though some adversary has it, it’s useless to them.
What this does not protect against is if the intended recipient misuses the sensitive information, but that’s a different problem.