Password-Protected Links: Share Private Stuff Without Building a Login

Here's a situation that comes up constantly: you need to share something private — a client draft, an event detail, early-access content — but you don't want to build an entire login system just so three people can see it. You could email a PDF. You could set up a shared Dropbox folder. You could create a Google Doc and manage permissions. Or you could just put a password on a link and move on with your day.

When a password beats building auth

Building authentication — user accounts, password resets, session management — is appropriate when you have lots of users who need persistent access. But a lot of situations don't justify that overhead. A password-protected link is the right call when:

• You're sharing a draft with 2-3 clients and they just need to see it once
• You're distributing event details to registered attendees
• You're giving early access to a blog post or video before it goes public
• You're sharing sensitive pricing or proposal info with a prospect
• You want to gate something behind a simple shared password, not per-user accounts

Setting it up on SHCD.US (it takes 30 seconds)

Create a short link — say, shcd.us/client-draft — and point it at your draft page. In the link settings, enable password protection and set a password. Save. Done. Now anyone who visits that link gets a password prompt. They enter the right password, they see the content. They don't, they don't.

No user accounts to create. No permissions to manage. No "you need a Google account to view this file" friction. Just a link and a password.

Best practices (so you don't accidentally leak things)

• Don't reuse passwords. The password for shcd.us/client-draft shouldn't be the same one you used for last month's proposal. If one leaks, you don't want them all to leak.
• Send the password separately. If you're emailing the link, text the password. If you're texting the link, email the password. Don't put both in the same message — that defeats the point.
• Use expiration as a belt-and-suspenders move. Set the link to expire after a specific date. Even if the password somehow gets out, the link stops working. Two layers of protection is better than one.
• Tell people what to expect. Before they click, let them know they'll need a password. "Check your text messages for the password" is a lot friendlier than a surprise gate.

How it compares to the alternatives

Email attachments: Works, but you lose control after you hit send. Can't revoke access, can't update the file without sending another email, and large attachments hit inbox limits.

Dropbox / Google Drive shared links: Better, but the recipient still needs an account (or at least gets nagged to create one). Permissions are easy to misconfigure. And "Anyone with the link can view" is not the same as password-protected.

Password-protected SHCD.US link: They click, they enter a password, they see the content. No accounts, no permissions, no "request access" emails. And you can update the destination, set an expiration, or remove the password at any time — they see the latest version instantly.

It's not the solution for everything. If you need audit logs, per-user access, or role-based permissions, build real auth. But for the 80% of cases where you just need to share something privately with a handful of people? A password on a link is the simpler, faster, cheaper answer.