How It Works
The sharer provides a password and an email address for the recipient. SharePass uses the email address to encrypt the password on the client. The client sends the encrypted password to the server and associates it with a secure token. SharePass stores the token and the encrypted password in the database. SharePass then uses the token to create a one-time-use link and present it to the sharer.

If the sharer did not check the "send to recipient" box when creating the password entry, then the sharer must send the link to the recipient manually. If the sharer checked the "send to recipient" box, then SharePass will send the link to the recipient automatically.

When the recipient visits the shared link, SharePass embeds the encrypted password in the resulting page and permanently removes all password-related data from the database. SharePass then prompts the recipient for their email address and uses it to decrypt the encrypted password on the client.

In addition to the share link's self-destruct mechanism, SharePass has a configurable time-to-live (TTL) for encrypted password data, after which SharePass destroys expired data.
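The flow described above, modelled in Node.js as an added example (this is not SharePass's own code): the client encrypts with a key derived from the recipient's email address, the server stores only a token and ciphertext, and the link self-destructs on first visit or at TTL expiry. The page does not say how the email address is turned into a key, so the KDF (scrypt), the cipher (AES-256-GCM), the blob layout and every function and class name here are assumptions.

```javascript
// Added example, not SharePass code. scrypt, AES-256-GCM, the blob layout
// and all names below are assumptions made for illustration.
const crypto = require('node:crypto');

// Client side: derive a 256-bit key from the recipient's email address.
function keyFromEmail(email, salt) {
  return crypto.scryptSync(email.trim().toLowerCase(), salt, 32);
}

function encryptForRecipient(password, email) {
  const salt = crypto.randomBytes(16), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', keyFromEmail(email, salt), iv);
  const ct = Buffer.concat([c.update(password, 'utf8'), c.final()]);
  // Blob layout (assumed): salt(16) | iv(12) | tag(16) | ciphertext
  return Buffer.concat([salt, iv, c.getAuthTag(), ct]).toString('base64');
}

function decryptAsRecipient(blob, email) {
  const b = Buffer.from(blob, 'base64');
  const key = keyFromEmail(email, b.subarray(0, 16));
  const d = crypto.createDecipheriv('aes-256-gcm', key, b.subarray(16, 28));
  d.setAuthTag(b.subarray(28, 44));
  try {
    return Buffer.concat([d.update(b.subarray(44)), d.final()]).toString('utf8');
  } catch { return null; } // wrong email address: the GCM tag check fails
}

// Server side (manual-link case): holds only token -> ciphertext.
class ShareStore {
  constructor(ttlMs, now = Date.now) { this.ttlMs = ttlMs; this.now = now; this.rows = new Map(); }
  create(blob) {
    const token = crypto.randomBytes(32).toString('base64url');
    this.rows.set(token, { blob, expires: this.now() + this.ttlMs });
    return token; // embedded in the one-time-use link
  }
  redeem(token) {
    const row = this.rows.get(token);
    this.rows.delete(token); // self-destruct on first visit, expired or not
    return row && row.expires > this.now() ? row.blob : null;
  }
  purgeExpired() { // TTL sweep; returns the number of rows still stored
    for (const [t, r] of this.rows) if (r.expires <= this.now()) this.rows.delete(t);
    return this.rows.size;
  }
}
```

The store models the case where the sharer sends the link manually; with "send to recipient" the server also handles the email address, which is the only input the key depends on.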
I recommend always using something like PGP to transmit sensitive data. However, in the event that a password must be transmitted where traditional encryption methods are unavailable, then SharePass can help reduce (not eliminate) the risk. Even though SharePass implements controls to protect against caching and man-in-the-middle attacks, there are still ways that a malicious party can compromise passwords. For example, someone with access to the server and database could compromise any password shared using the "send to recipient" option. A man-in-the-middle, or someone with access to a recipient's email account, could compromise a password by capturing the shared link and email address and using them fast enough to avoid the TTL and self-destruct mechanism. SharePass is not a fully secure means for transmitting passwords. It is merely a safer way to share passwords in a restricted environment.