Shared Link Password Policy
Much like the default link expiry policy we would also like one specific to forcing passwords for shared links and preferably being able to define that policy with minimum characters and complexity.
Bonus would be passwords that are auto-generated and viewable by the creator of the shared links to minimize the need for external tools.
This would be IDEAL for us! Not being able to force people to use a password means I have to constantly check the shared links OR not allow people to share externally, which would eliminate the reason for having Box in the first place.
Using a password policy to enforce password protection for a shared link, would be a great baseline security measure. This could eliminate some elements of human error.
As with most security the technicians never weight the tradeoffs on what they are doing. You recently have forced complex passwords for links in file sharing without provided a means (that I can find) to disable it at user choice. You have now made me less secure because I was using a simple password that the recipient would know (last four os SIN) and now you won't let me put that in. So I just send the link without a password which is less secure. Your security change has as a result made me less secure. PLEASE CHANGE THIS!!!!
AdminHiroaki Kirihara (Admin, Box) commented
Although this original pulse entry indicates that Box native password auto-generation feature to be a bonus, since the characters such as '<' and '>' are prohibited to be used in the shared link password but is commonly used as a symbol when generating passwords using password generators, it'd make sense to have Box native auto-generation feature so that the users doesn't have to consider about such prohibited characters.
It would be great if Box had a built-in password generation function on the share file area. It should allow the user to specify length and complexity parameters. Ideally, there would be an admin setting that could control this as well to ensure passwords are complex enough to minimize brute force attacks.
AdminJovonee King (Admin, Box) commented
Users would like passwords to be automatically created when a shared link is generated