You are right, if you share the link and the password via the same (possibly compromised) channel, you are still at risk.
It is still mostly fine if you set the self-destruct to 1 successful download and your coworker acts within minutes.
It would be better if you verbally communicate the password in a e.g. a stand up call ("Guys, password is <InsertProjectName>+<CoworkerName>").
Second best would be 2 different channels
Link per Slack
Password per SMS
Best option:
Just tell your coworker to setup an account himself and send him a direct transfer.
End2End encrypted, asymmetricaly using his public key.
Where are you going to share the password?
If you're going to send the link and the password over Slack together, how would that be better than sending directly?
Excellent question!
You are right, if you share the link and the password via the same (possibly compromised) channel, you are still at risk.
It is still mostly fine if you set the self-destruct to 1 successful download and your coworker acts within minutes.
It would be better if you verbally communicate the password in a e.g. a stand up call ("Guys, password is <InsertProjectName>+<CoworkerName>").
Second best would be 2 different channels Link per Slack Password per SMS
Best option: Just tell your coworker to setup an account himself and send him a direct transfer. End2End encrypted, asymmetricaly using his public key.
[dead]
[dead]