PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA 28
This is an open-source tool
developed by Delano Mandelbaum
(https://onetimesecret.com). We
implemented One-Time to avoid having
copies of sensitive information stored in
many places, which is what happens when
you send people passwords and private
links via email or chat. With our users
distributing One-Time links instead, the
information can be viewed only once. It
can't be read by someone else later. Think
of it like a self-destructing message.
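
An added illustration of the single-view behavior described above (not code from the article or from One-Time Secret itself): a minimal in-memory store in which the first view returns the secret and destroys it in the same step. The class and method names, the one-hour default expiry and the sample values are assumptions made for this sketch.

```python
import secrets
import threading
import time


class OneTimeStore:
    """Hypothetical in-memory store: each secret can be revealed exactly once."""

    def __init__(self, clock=time.monotonic):
        self._items = {}               # token -> (expires_at, secret)
        self._lock = threading.Lock()
        self._clock = clock            # injectable so expiry can be exercised

    def put(self, secret, ttl_seconds=3600):
        """Store a secret and return the token that would go into the link."""
        # 256 random bits from the OS CSPRNG: the link cannot be guessed.
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._items[token] = (self._clock() + ttl_seconds, secret)
        return token

    def reveal(self, token):
        """Return the secret and destroy it; None if unknown, used or expired."""
        with self._lock:
            # pop() under the lock makes read-and-delete a single atomic
            # step, so two simultaneous viewers cannot both get the secret.
            entry = self._items.pop(token, None)
        if entry is None:
            return None
        expires_at, secret = entry
        # An expired entry is discarded without ever being shown.
        return secret if self._clock() < expires_at else None


def demo():
    """Constructed sample: first view succeeds, second view finds nothing."""
    store = OneTimeStore()
    token = store.put("constructed-sample-password")
    return store.reveal(token), store.reveal(token)


if __name__ == "__main__":
    print(demo())
```

A recipient who finds the link already used learns that someone else viewed it first, which is a signal to change the password that was shared.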
Since trying One-Time Secret to
exchange logins, passwords and other
sensitive data, we've learned a few things
that could help you:
1. This is an open-source tool, and the code is available for download and review on GitHub (https://github.com/onetimesecret/onetimesecret).
2. You can customize and host the tool internally if your risk appetite does not allow you to use the existing online service.
3. If you do not have developers (HTML coders) in-house, it might take some time to customize this to work the way you want (if hosted on your internal network).
4. The tool addresses a very small niche, so determine your requirements and needs before diving in.
It has worked well for us, and it might work for you. I can be contacted if you have
questions on how to customize One-Time Secret for your firm.
CASE STUDIES
About the Author
Prabhakar Chandrasekaran is the Senior Manager of Information Security at
Ogletree, Deakins, Nash, Smoak & Stewart, P.C. and a member of ILTA's LegalSEC
Council. Contact him at prabhakar.chandrasekaran@ogletreedeakins.com.
One-Time Secret Exchange
Ogletree uses the One-Time Secret tool as a way to share sensitive information, within
the firm and with clients, simply and securely. It allows users to exchange logins and/or
passwords among themselves or with clients in a secure manner without that information
being stored in email messages or instant messaging logs.