[hagreet]

I don't understand the threat model here. The link needs almost the same kind of protection as the original password. The only difference is, that the link expires.

So how do you transmit those links securely and why didn't you use that for your passwords in the first place?

[ryandvm]

I think the key is that the message would be deleted by the server after ONE use. So... you send the link via whatever mechanism you want (Slack, SMS, email, etc.). If a man-in-the-middle intercepted it, they need to follow the link to decrypt it, thereby expiring the message. So if the recipient gets a dead link, then you know security has been compromised.

The main issues here are:

* You have to trust the client implementation to not surreptitiously record the one-time key (for both sender and receiver).

* You have to trust the site operator to actually expire the message after one use.

* Whatever secret you are transmitting MIGHT get intercepted, but at least you would know about it.

I briefly toyed with the idea of creating almost the exact same service - even down to using the URL hash to hide the secret. But at the end of the day, the concept has too many flaws for the security conscious and is too annoying to use for the layman.