Send Time Limited Secure Logins with timebomb.it

Today we officially launched a new web and mobile application timebomb.it, making it easy and more secure to send confidential login information from one person to another. You can think of it as a secure URL shortener for sending logins. All it takes is one person to break into a computer or email client, or one phone to be lost for an attacker to gain access to some really confidential stuff. We bet a search for “login”, “username”, or “password” in most email boxes will come up with something useful for a hacker, and this is why we ask you to timebomb.it next time you need to send confidential information.

1) Create a Link. 2) View it, send it, blow it up.

Put Hackers Against the Clock

As a development company, we either require, or maintain login information for servers, mail accounts, or applications for our clients- all of which are generally secured by a username and password. So when we need login information, we get it in an email. This confidential information remains in our sent folder, the clients inbox, and maybe on some of our mobile devices (if we choose to sync them). We decided we needed a way to send confidential information, but not have it linger inside an email client. Timebomb.it creates random URL’s for logins, with the option to blow it up in 1-hour, 1-day, or 1-week. Now we just send that link over, and know that if a hacker gets a hold of our computer in a year, our email account isn’t peppered with our clients usernames and passwords.

A Simple Interface, Because it Should Be

Our background in mobile webapps gave us the tools to make this thing mobile-ready out of the box. Using HTML5, CSS3, and custom jQuery scripts, we are seeing sub-500ms load times on a regular internet connection. The only images used are on the timebomb.it about page, which is full-width for most screens, and scales seamlessly on a mobile device. We figure with some of the odd situations you could use timebomb.it for, you want it viewable on a phone, quick to access, and easy to read:

- You need the alarm code for your grandmas garage door (just use the password field)
- You want your mom to send you the logins to your AT&T account
- Your co-worker emailed you asking for the credentials to the computer in the testing lab
- You reset the combination-code door lock on your office building, and want to inform your employees

Once you have created a link, we even have the option to “Blow it Up”; not only because it is fun to blow things up, but because you might decide you no longer want the information available. Each data field uses a mix of custom Flash and Javascript enabling a cross-browser click-to-copy feature. We set out for a professional design so users trust it, and super-transparency with the presentation of information- hopefully you agree this is a “mission accomplished”.

Passwords love encryption, give them some love.

We use an SSL encrypted connection, or HTTPS, to transfer all information to and from timebomb.it over the internet. This means people snooping your network can’t get a hold of anything you type in, or look at. Our databases are also completely encrypted, expired links are deleted every hour, and no link is ever used twice. Our servers have brute force detection, strict firewalls, and are behind bullet proof glass with armed guards (thanks Media Temple). We currently use a 10-character alpha-numeric random string to generate links; this means there are 3,656,158,440,062,979 (3.65 quadrillion) links available. Put it this way, the odds someone winning the lottery, getting struck by lighting, and dating a supermodel in their lifetime are better than their chance of finding a timebomb.it link (remember, links must expire within a week).

CIA: Confidentiality, Integrity, Availability

This acronym represents the three widely accepted components of information security. We have described how we address confidentiality and integrity using some great technology, but the most important aspect is availability. Sure, random URL’s may not be a great idea to send nuclear launch codes, but its a heck of a lot better than sending them in a plain-text email. In security we make trade-offs, and we know that if a system is too hard to use, or takes too long to access, it will get scrapped. Our mission is to provide something really secure, and to force people to think about things like security and password management, while not slowing them down.

Thats a Wrap, plus an API with a Wrapper

We never want to leave our automation-loving, UI-enhancing developers without something neat and exciting, and this is why we made a simple API and PHP wrapper, check it out: timebomb.it API and PHP Wrapper Class. Please make sure to leave you thoughts in the comments, we hope you all enjoy this little tool.