From 2e917496d128f099fc389bfc1fc927284c1029bb Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Sun, 2 Jun 2019 01:36:07 +0200
Subject: [PATCH] Add hint for URL sending

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 9d41e23..6fd7b9d 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,12 @@
 
 My specific usecase for this is I do have accounts which OTP secrets are stored outside of my TOTP generator as usually I don't need to access those accounts and if I would add those secrets to my TOTP generator I would have a lot more entries in it. So I do store the secrets in a safe place and needed a convenient generator to generate single OTP tokens from them.
 
+You can even send the page with the OTP code to someone by appending the secret to the URL in the hash part:
+```
+https://webtotp.example.com/#mysecret
+```
+As long as you make sure it is in the hash-part (behind the `#`) the browser will not send the secret to the server but keep it locally in the browser. When sending the URL containing the secret make sure you are using a secured transport like [OTS](https://ots.fyi/) to ensure the chat / email provider is not able to fetch those secrets from the URL.
+
 ![](screenshot.png)
 
 ## Installation