Open Shared Link Controls: Default Password Requirements for Open Shared Links
REQUEST: Admin would like the ability to set a global control whereby all public/open ('people with the link') links must have a password.
Our current controls on shared links impact all 3 Shared Link permissions causing additional impact on the user experience.

Instead of a “require password” security control, we intend to support a “Require OTP” requirement for public links (via SMS, Email, or TOTP). I wanted to share where we are headed. We do not plan on delivering this ask as is, but we do intend to solve the security use case behind it.
Please comment if you disagree.
-
AdminS.K. (Admin, Box) commented
My customer is using the other large file transfer service (see the link below) just for sending/receiving a file to/from external stakeholders. They would like to replace it with Box, as both services largely duplicate each other in features. However, only "by default password" is something that Box can't do now, and therefore it is not secure enough to allow the public link. Please consider prioritizing this.
https://support.hdeone.com/hc/en-us/articles/115005364668-What-is-HENNGE-Secure-Transfer-
-
AdminH.K (Admin, Box) commented
I believe this pulse was raised to make sure enterprises can automatically protect their public shared links with a password by default. With such a feature, enterprises can protect/restrict access to their shared links only to those who are authorized, even if those people accessing them don't have or couldn't create Box accounts.
If the suggested "Require OTP" enhancement is only for user verification and logging purposes, kindly continue to consider providing an option to restrict open shared links with password protection by default.
-
John Shubb commented
Hi Alok,
The feature you describe (i.e. "Require OTP") was promised to our organization back in 2018. At that time, we were told it would be rolled out in the first quarter of 2020. As we are near the end of 2020 Q1, I was wondering if this feature will, indeed, be released soon.
Please advise,
John
-
Anonymous commented
This would be really awesome for our implementation. From a security/privacy perspective, having a file that could contain sensitive info linked openly to the entire internet is a bad idea. Password-protected links by default should be an available option.