Security Best Practices

Follow these guidelines to maximize your security when sharing secrets with SafeMonk. A few simple practices can make the difference between secure and compromised data.

New to SafeMonk? Start with understanding how our technology works first.

Choosing the Right Sharing Mode

Use Link-with-Key When:

  • Sharing with trusted contacts via secure channels
  • Convenience is more important than maximum security
  • Sharing passwords for non-critical accounts
  • Quick one-time information sharing
  • Using encrypted messaging apps (Signal, WhatsApp)

🔐 Use Passphrase Mode When:

  • Sharing highly sensitive data (financial, legal, medical)
  • Using untrusted communication channels
  • Maximum security is required
  • Sharing with unknown or semi-trusted recipients
  • Posting links in public or semi-public spaces

Creating Strong Passphrases

When using passphrase mode, SafeMonk uses PBKDF2 key derivation to transform your passphrase into a cryptographically strong encryption key. Here's how to make the most of this security.

Good Passphrase Practices

Length Over Complexity

"correct horse battery staple" is stronger than "P@ssw0rd1!" because length matters more than special characters.

Use Memorable Sentences

"My cat Luna loves tuna on Tuesdays at 3pm" is both memorable and secure.

Add Personal Context

Include dates, places, or events meaningful to you but unknown to others.

Avoid These Mistakes

Dictionary Words

Single dictionary words, even with numbers/symbols, are vulnerable to dictionary attacks.

Personal Information

Avoid birthdays, names, addresses, or other information that could be found on social media.

Reused Passphrases

Never reuse passphrases from other accounts or services. Each secret should have a unique passphrase.

Passphrase Examples

Strong Examples

  • "Pizza delivery arrived 15 minutes late on Friday"
  • "Coffee shop on 5th street plays jazz music"
  • "Red bicycle parked outside library since Tuesday"

Weak Examples

  • "password123"
  • "JohnSmith1985"
  • "P@ssw0rd!"
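
The practices and mistakes above can be turned into a pre-share check and run against this page's own strong and weak examples. This is an added example, not SafeMonk's code; the function names, the four-word minimum and the short COMMON list are assumptions made for illustration.

```javascript
// Added example: screens a passphrase against the mistakes listed above.
// COMMON is a tiny constructed stand-in for a real common-password list.
const COMMON = new Set(["password", "letmein", "qwerty", "welcome", "admin"]);
const LEET = { "@": "a", "4": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s", "7": "t" };

// Undo symbol-for-letter swaps and drop trailing digits/symbols, so that
// "P@ssw0rd!" and "password123" both reduce to the dictionary word "password".
function normalize(token) {
  const core = token.toLowerCase().replace(/[\d\W_]+$/, "");
  return [...core].map((c) => LEET[c] ?? c).join("");
}

// Returns a list of problems; an empty list means none of the checks fired.
function screenPassphrase(passphrase, minWords = 4) {
  const problems = [];
  const words = passphrase.trim().split(/\s+/).filter(Boolean);
  if (words.length < minWords) {
    problems.push(`only ${words.length} word(s); use at least ${minWords}`);
  }
  if (words.some((w) => COMMON.has(normalize(w)))) {
    problems.push("contains a common password, even after undoing substitutions");
  }
  if (/(19|20)\d{2}/.test(passphrase)) {
    problems.push("contains a year, which often comes from a birthday");
  }
  if (new Set(words.map((w) => w.toLowerCase())).size < words.length) {
    problems.push("repeats a word");
  }
  return problems;
}
```

An empty result only means these specific checks passed; it does not measure how guessable a sentence is to someone who knows you.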

Secure Sharing Practices

Channel Separation (Passphrase Mode)

Always share the link and passphrase through different communication channels. This prevents a single compromised channel from exposing everything.

Example Combinations

  • Link via email → Passphrase via SMS
  • Link via Slack → Passphrase via phone call
  • Link via WhatsApp → Passphrase via Signal
  • Link via Teams → Passphrase via in-person

Verify Recipients

Always confirm you're sharing with the right person, especially for sensitive information. A simple verification can prevent costly mistakes.

Verification Methods

  • Double-check email addresses/phone numbers
  • Use established communication channels
  • Ask for confirmation of receipt
  • Verify identity through another channel

⚠️ Communication Channel Security

Secure Channels

  • Signal (encrypted)
  • WhatsApp (encrypted)
  • Telegram Secret Chats
  • Phone calls
  • In-person

⚠️ Use with Caution

  • Regular email
  • SMS/text messages
  • Slack/Teams DMs
  • Discord DMs
  • Social media messages

Avoid for Sensitive Data

  • Public forums
  • Social media posts
  • Unencrypted chat rooms
  • Shared documents
  • Public messaging boards

Setting Expiration and View Limits

SafeMonk's burn-after-read technology ensures your secrets are automatically destroyed. Choose the right settings for maximum security.

Time-Based Expiration

High Security: 5-60 minutes

For immediate sharing when both parties are online

Balanced: 1-24 hours

Good for most use cases, allows for time zones

Extended: 1-7 days

When recipient availability is uncertain

Maximum: 30 days

Only for non-sensitive data or special circumstances

View Limits (Text Notes Only)

1 View (Burn-after-read)

Maximum security. Once viewed, the secret is gone forever. Use for highly sensitive data.

3-5 Views

Allows for mistakes or multiple team members. Good balance between security and usability.

10 Views

For team sharing or when multiple accesses are needed. Use sparingly and only when necessary.

💡 Pro Tip: Combine Both

Use both time and view limits for maximum security. For example: "1 view OR 1 hour, whichever comes first" ensures the secret is destroyed quickly.

📁 File Behavior

Files use burn-after-download instead of view limits. They are automatically deleted after successful download, regardless of how many times the link is accessed. Only time-based expiry applies to files.

File Sharing Best Practices

Before Uploading

  • Remove metadata: Strip EXIF data from images, document properties from Office files
  • Check file contents: Ensure no sensitive information in comments, revision history, or hidden data
  • Verify file type: Make sure you're sharing the intended file, not a similar-looking one
  • Consider compression: ZIP files with passwords add an extra layer of protection

File Types to Be Careful With

Office Documents

May contain revision history, comments, or metadata

Images with EXIF

Can contain location data, camera info, timestamps

PDFs

May have embedded metadata, form data, or annotations

Archives (ZIP, RAR)

Check all contained files, not just the archive itself

Common Security Mistakes to Avoid

Don't Do This

Sharing Links Publicly

Never post SafeMonk links on social media, forums, or public channels. Anyone with the link can access the secret.

Copying Incomplete URLs

Always copy the complete URL, including everything after the # symbol. Truncated URLs won't work.

Using Same Passphrase

Don't reuse passphrases across multiple secrets or from other accounts. Each secret should have a unique passphrase.

Ignoring Expiration Times

Don't set unnecessarily long expiration times. Shorter is always more secure.

Do This Instead

Use Direct Communication

Share links directly with intended recipients through private, secure communication channels.

Verify Complete URLs

Double-check that the entire URL was copied, especially the fragment after # which contains the encryption key.

Generate Unique Passphrases

Create a new, unique passphrase for each secret. Consider using a passphrase generator for maximum security.

Choose Appropriate Timing

Set expiration times based on urgency and sensitivity. When in doubt, choose shorter times.

Emergency Procedures

If You Accidentally Share Publicly

  1. Act immediately: If the secret is set to 1 view, access it yourself to burn it before others can see it.
  2. Delete the post: Remove the public post containing the link as quickly as possible.
  3. Change related passwords: If the secret contained passwords or keys, change them immediately.
  4. Monitor for misuse: Watch for any signs that the information was accessed by unauthorized parties.

If You Suspect Compromise

  1. Assume the worst: Treat the secret as if it was accessed by unauthorized parties.
  2. Change credentials: Immediately change any passwords, API keys, or access tokens that were shared.
  3. Revoke access: Disable any accounts or services that might have been compromised.
  4. Enable monitoring: Set up alerts for unusual activity on affected accounts or systems.

Quick Reference Checklist

Before Sharing

  • Choose appropriate sharing mode
  • Set minimum necessary expiration time
  • Use burn-after-read when possible
  • Verify recipient identity
  • Choose secure communication channel

When Sharing

  • Copy complete URL (including #)
  • Use separate channels for passphrase
  • Double-check recipient details
  • Avoid public or group channels
  • Confirm receipt when possible

After Sharing

  • Verify successful access
  • Delete link from your devices
  • Clear clipboard/chat history
  • Monitor for any issues
  • Change passwords if compromised