I
ImgShare
Back to Blog
🪪Privacy & Security2026-04-03· 12 min read read

How to Share ID Documents Safely (Passport, Driver’s License, KYC) — Without Creating a Permanent Leak

A practical workflow for sharing ID document photos safely: redaction checklists, expiring links, password protection, and common mistakes to avoid when sending passports and driver’s licenses.

PrivacySecurityWorkflow

I learned this the uncomfortable way: the fastest way to get help (a visa question, a bank onboarding issue, a rental application) is to send a photo of your ID. And the fastest way to lose control of your identity is… also to send a photo of your ID.

A passport or driver’s license photo is basically a “starter kit” for identity theft: full name, birthdate, document number, issuing country, and often your address — plus a face image that can be reused in scams. The goal isn’t to be paranoid. It’s to share what’s needed, for only as long as needed, and in a way you can revoke.

This guide is my practical workflow for sharing ID documents safely: what to redact, how to reduce the blast radius, and how to share using an expiring link (optionally password-protected) instead of leaving a permanent attachment in email or chat.

Why ID document photos are high-risk (even if you trust the recipient)

Most leaks don’t happen because the recipient is evil. They happen because links get forwarded, inboxes get compromised, devices get lost, and “I’ll delete it later” never happens.

  • They’re reusable: many services accept “a photo of an ID” as verification.
  • They include multiple identifiers: name + birthdate + ID number + face.
  • They live forever: email threads, shared drives, customer support systems, and chat backups.
  • They’re hard to rotate: you can rotate a password in 60 seconds. You can’t rotate your birthdate.

The 60-second checklist before you send an ID photo

  1. Ask what they actually need. “Do you need full ID, or just name + photo?”
  2. Redact aggressively. Cover ID number, MRZ, address, barcode/QR, signatures — anything not required.
  3. Send the minimum side. Front only, unless the back is explicitly required.
  4. Remove metadata. Strip EXIF (especially if taken at home).
  5. Use an expiring link. 24 hours is a great default.
  6. Optional: add a password. Especially if email is involved.
  7. Share link + password separately. Link via email, password via SMS/chat.

What to redact on common IDs (practical “cover this” list)

Redaction is situational, but here’s my default posture: assumethe recipient only needs to confirm you’re the same person who is applying, not to collect every number printed on the card.

Passport

  • Passport number: redact unless the form explicitly requires it.
  • MRZ (machine-readable zone): redact — it contains the document number and other data.
  • Signature (if present): cover it.
  • Full-page scan: avoid if a cropped photo page is enough.

Driver’s license / national ID

  • ID number / license number: cover it unless required.
  • Address: almost never needed for “identity.” Redact.
  • Barcode/QR/mag stripe area: redact (it can encode the same data).
  • Signature: redact.

Student ID / employee badge

  • Student/employee number: redact.
  • Access patterns: badges sometimes imply building access rights.

Redaction tip: use an opaque box (solid black) rather than a light blur. Light blur is sometimes recoverable.

How to redact quickly (without fancy tools)

You don’t need Photoshop. You need a workflow you’ll actually do under pressure.

Option 1: Phone markup (fastest)

iPhone Photos → Edit → Markup → use a thick pen to cover numbers. Android: Google Photos → Edit → Markup.

Option 2: Screenshot strategy

Screenshot after you’ve redacted/cropped. Screenshots typically remove EXIF metadata and reduce accidental sharing of the original.

Option 3: Print-to-PDF (for forms)

If you must send a “document,” create a new PDF with only the required image region embedded. Don’t attach your full camera-roll original.

Best way to share: expiring link (and when to use a password)

In practice, the safest default is: expiring link + revocation. It’s simple for recipients and gives you a kill switch.

  1. Upload the redacted image. (Prefer a copy, not the original.)
  2. Set expiry. 24 hours for support tickets; 7 days if a compliance team needs time.
  3. Add a password if the link is going through email or a chain of people.
  4. Share password separately. It feels old-school, but it works.

A password is most valuable when: (1) you don’t control forwarding, (2) multiple recipients are involved, or (3) you suspect inbox compromise risk.

Suggested expiry times (what I use)

  • 24 hours: customer support, quick onboarding, “please verify me.”
  • 7 days: compliance reviews, rentals, bank KYC.
  • 30 days: only if the process truly requires it — and add a password.

Copy/paste templates (support, rental, finance)

Customer support / verification

“Sharing a redacted ID photo for verification. Sensitive numbers are covered. Link expires in 24 hours. Please confirm once verified so I can revoke access.”

Rental application

“Here is my ID for application verification. I’ve redacted the ID number and barcode; name/photo match are visible. Link expires in 7 days. Password sent separately.”

Bank / KYC (when they truly need full info)

“As requested for KYC, sharing both sides of my ID. Link expires in 7 days. If you can confirm completion earlier, I’ll revoke access immediately.”

FAQ

Is blurring safe enough for ID numbers?

Use an opaque box if you can. Light blur can sometimes be reversed. If the number is already exposed publicly, treat it as compromised.

Should I email my passport as an attachment?

Email attachments tend to become permanent and searchable. Prefer an expiring link you can revoke. If you must attach, send a redacted copy (not the original).

Does a screenshot remove metadata?

Often yes — screenshots typically strip EXIF. It’s a quick privacy win, especially if you’re on mobile.

What if a company insists on a full unredacted scan?

Verify you’re dealing with the real company, ask for their official secure upload channel, and set the shortest possible retention window. If it feels wrong, pause — identity documents are high-value.

Can I watermark my ID image?

Yes. A simple watermark like “For [Company] verification only — [date]” can deter reuse. Just don’t cover the required fields.

My default recommendation

If you only remember one thing: send the minimum, for the minimum time. Redact, use an expiring link, and revoke access as soon as you get confirmation.

It takes an extra minute. It can save months of cleanup.

Frequently Asked Questions

Is blurring safe enough for passport numbers and ID numbers?
Use an opaque box when possible. Light blur can sometimes be reversible. If the number is not required, cover it completely.
What should I redact on a driver’s license?
Default to redacting the license/ID number, address, barcode/QR, and signature unless the recipient explicitly requires them.
Should I email my passport photo as an attachment?
Avoid attachments when you can. Use an expiring link you can revoke. If you must attach, send a redacted copy rather than the original.
Do screenshots remove metadata (EXIF)?
Often yes. Screenshots typically strip EXIF metadata. It’s a quick privacy win, especially on mobile.
What expiry time should I use for ID document sharing?
24 hours for quick verification/support, 7 days for KYC/compliance workflows, and only longer when required — ideally with a password.

Ready to try ImgShare?

Upload and share images instantly. No sign-up required. Free forever.

Start Uploading — It's Free

More Articles

🩺

How to Share Medical Photos Privately (Telehealth, Insurance, and Second Opinions)

2026-04-02 · 12 min read

🫣

How to Share Screenshots Safely (Without Leaking Passwords, Tokens, or Customer Data)

2026-03-31 · 11 min read

🧸

How to Share Kids’ Photos Safely (Without Turning Family Chat Into a Leak)

2026-03-30 · 10 min read

🏠

How to Share Real Estate Photos Privately (Without Leaking the Address)

2026-03-29 · 12 min read