Sharing files with password protection

  1. Observation of Current Process:

    • When sharing files via a public link with a password, recipients are initially required to enter the password upon their first access.
    • Post initial access, the password is not required for subsequent entries, regardless of the time elapsed since the first entry (be it the same day, the next day, or even the next month).
  2. Concern:

    • The primary concern arises after the initial password entry. Once the password is entered, any individual with access to the public link can open the files without needing to re-enter the password.
    • This process seems to undermine the security intended by the password protection, as the protection becomes ineffective after the first use.
  3. Question on Intended Behavior:

    • Is this behavior an intentional design of the password protection feature for file sharing?
    • If so, it appears to present a significant security flaw. The protection offered by the password is essentially nullified after its first use, potentially allowing unauthorized access to anyone in possession of the public link.
  4. Seeking Clarification and Opinions:

    • I am interested in understanding if this is the standard operational procedure for such file-sharing services.
    • Additionally, I welcome opinions on whether this method is considered secure and effective in protecting sensitive files.

I look forward to the community’s insights and any recommendations on how to enhance security in such file-sharing scenarios.

1 Like

When you enter the password, it is stored in your browser (cookie or local storage). You can test this by accessing the same shared link using a different browser, in which case you must reenter the password again. It is not true that anyone with the link has access in case the password was entered once.

Great answer thank you. Explains it now.