[jc_sec]

Lol, its not equivalent because its a link that deletes itself automatically after X days and X views. In a scenario where an email/slack/etc account becomes compromised down the road a password sent in plaintext is immediately compromised where as a password shared with pass.sh has expired and is no longer a valid link.

If you cant understand the very basic security control there then I really can't help you. You sound like someone who has been stuck in IT too long.

You are kidding yourself if you think relying on over a support agent to verify identity is better than the solution here. Humans are inherently fallable as social engineering has proven time and again.