If you send a password in an email that password is good until the encrypted file is deleted. With 1ty.me you are sent a one time link to the password and that link is good for only one hour. (NOTE: you can create more than one link to the same 1ty.me message in case multiple persons need access to the encrypted file. That significantly limits the
window of vulnerability.One time passwords and limited time key codes are commonly used and accepted security measures. 1ty.me is probably the simplest variation on that scheme, but there are other variants that offer even better protection in specific cases where there are long term relationships. For example
- when I log onto my bank I send them my permanent password and in turn they send a one time password to a device known to be associated with my account, and that on time code has to be entered within 30 seconds in order to access my data.
- Apple Wallet and its associated features, Apple Pay and beginning next month Apple Credit Card, all rely on one time passwords with a lifespan measured in seconds for security making them more secure than regular credit cards even when used for online transactions.
1ty.me, my bank, even Apple Wallet are not foolproof, but each narrows the window of vulnerability. (I do wish 1ty.me offered variable time limits) On the other hand I don't know of any absolutely foolproof protection that involves internet and email communications. Now that I think of it there probably isn't an absolutely secure communications channel short of a bonded courier and given human cupidity, not even that is not
absolutely secure, but bonding may cover your out of pocket losses.
