How It Works
Every shared password has a Lookup ID and a single-use PIN. These must be communicated to the recipient by email or IM.
Think of the PIN as a debit card ATM PIN.
A thief would have only three attempts to guess it until he is locked out.