Why Email Gating is Safer Than Passwords
When sharing a secret link, your first instinct is sticking a password on it. "Password123", right? The problem is: how do you share the password?
Usually, you send the link in Slack, and then the password... also in Slack. If an attacker compromises your Slack history, they have both parts of the puzzle. Email Gating solves this by using an identity you already trust.
Identity over Knowledge
Passwords recall "Known Information". Email verification proves "Identity Ownership". By restricting a secret to `engineering@acme.com` or `*@acme.com`, you are saying: "Only someone who controls this inbox can view this".
Passwords
- Can be shared/leaked easily
- Hard to transmit securely
- Weak passwords are bruteforceable
Email Gating
- Tied to 2FA-secured email
- Audit trail of access
- No secondary secret to manage
Domain Lockdown
For enterprises, we offer Domain Lockdown. You can configure your team account so that *any* secret created by your employees must be restricted to your corporate domain. This prevents accidental leaks to personal Gmail accounts or external vendors.
How it works
1. You set the recipient email (e.g., `jane@doe.com`).
2. Jane opens the link.
3. EnvShareApp asks for a verification code.
4. Jane receives a 6-digit OTP in her email.
5. Only after verifying the OTP is the decryption key released.