Shield Shared Links: Password Requirement
Passwords for public links are wonderful, however, the capability to enforce all links (even those with internal or collaborator scope) would be beneficial for users and content security. If this password requirement could be tied to classifications as an access policy, that would make it increasingly difficult for negligent or malicious actions on Box content. Currently, we can only decrease the scope available for shared links, but by requiring a password, there will be additional adoption for Box and Shield, especially within highly regulated industries that require external or public distribution of content.
-
Joe Bryant commented
As a large FinServ organization, we would greatly benefit from the ability to force a password requirement on any open shared links.
-
G George commented
We consider this an absolute must as an enterprise solution that we are able to enforce passwords for all shared links, it came as a surprise the setting wasn't there in the first place and is being perceived by our clients as a public file sharing solution.
We have added it to our best practises for users to add one, but unfortunately during 1 week where 4000+ files/folders we shared only 5 were given passwords.
This is deemed as a major security flaw as we are leaving data exposed.As an organisation we are getting assistance on doing some development around this, but it needs to be baked into the product as an admin setting, especially at the enterprise tier offerings.
-
Anonymous commented
We implemented Box to allow our employees to share large files with external agencies. Often times our employees need to share proprietary or HIPPA protected information. Not having the ability to require passwords on shared links is a HUGE vulnerability because we cannot count on end users to remember to set a password. Additionally, when there are many collaborators on a folder it would be helpful for all of them to be able to see the shared link password so that they can distribute access without having to get in touch with the employee who created the shared link in the first place. This feature alone would provide enough value to make it worth the expense to add Shield to our existing accounts.