Anotas.online
← Back to blog

How to Send Passwords Securely Without Email or Screenshots

2026-05-13 · 6 min read

Sending a password over email or sharing it in a screenshot is something almost everyone has done. It is fast, it works, and it feels harmless. But both methods create permanent copies of information that was meant to be temporary. There is a better way — and it does not require installing anything or creating any account.

Why email is a terrible channel for passwords

Email was designed for communication, not for secrets. When you send a password by email, that information is stored on your provider's server, on the recipient's server, in the search history of both email clients, in corporate archiving systems if it is a work account, and most likely in some backup that neither of you controls.

Many email services also scan message content for advertising or model training purposes. A password sent today can live in an indexing system for years. Even if the recipient deletes the message, you still have the sent copy, and the server still has its own.

Why screenshots are even worse

A screenshot of a password feels more secure than text because “you cannot copy it directly.” In practice, it is far more dangerous. Images get shared without thinking, sent over chat, automatically uploaded to the cloud (iCloud, Google Photos, OneDrive), shown in previews, and forwarded with a single tap.

Modern OCR services — including those built into some password managers and camera apps — can extract text from images automatically. A screenshot of a password is, for practical purposes, just as readable as plain text.

What is a one-time secret and when does it help

A one-time secret is text that self-destructs after being read once, or after a set amount of time. The core idea is that the information exists only for as long as it takes the recipient to receive it.

These are especially useful for initial account passwords, temporary access tokens, and credentials that should change after the first login. Their main limitation is one: if your chat app's link-preview system opens the URL automatically to generate a thumbnail, the secret is consumed before the actual recipient ever sees it.

The practical alternative: a password-locked note

For most everyday use cases — delivering a password to a client, sharing credentials with a coworker, sending login details to a family member — a password-protected note offers the best balance between security and usability.

The workflow with Anotas.online is straightforward:

  1. Write the password (or any sensitive information) into the note.
  2. Set an access password — something you can communicate verbally or through a different channel.
  3. Copy the link and send it by email, chat, or wherever you prefer.
  4. The recipient opens the link, enters the access password, and sees the content.
  5. If you change the note or let it expire, the link stops working.

What travels through the insecure channel (email, chat) is only a link to locked content. The actual password never appears in plain text in any message.

The separate-channel rule

Whatever method you use, there is one rule you should never break: the link and the access password must travel through different channels.

  • Send the link by email → give the access password by phone or SMS.
  • Send the link over WhatsApp → give the password over Signal or in person.
  • Send the link through a work chat → give the password by phone call.

If someone compromises one channel — gains access to your email, intercepts a chat — they only have half the puzzle. Without the access password, the link is worthless.

Common mistakes when sharing passwords

  • Using the same access password for every note. If someone learns your usual note password, they can open any note you have shared before.
  • Leaving the note active after the recipient has read it. Delete or modify the note as soon as you confirm it was received.
  • Using notes for permanent credentials. Notes are good for temporary or first-login passwords, not for credentials someone will use for months.
  • Not confirming receipt. Always verify that the recipient could actually read the content before assuming the handoff went correctly.

Conclusion

Sending passwords securely does not require complicated tools or technical training. It requires not using email as a credential delivery channel, understanding that screenshots are not “safer” than text, and keeping the link separate from the access password. A password-protected note plus a thirty-second phone call is enough for most situations.

Create a note →