New Shared Link Setting for OTP to Specific Email Addresses
Proposing a new Shared Link setting or type that allows users to send a shared link to a specific email address which requires a OTP password, similar to the authentication used when an individual is sent a Sign Request via Box Sign.
This would allow for a simpler, more secure user experience when sharing one-off links than password-protecting a public link.
AdminBrad Rosenfield
(Solutions Engineer, Box)
shared this idea
-
Kengo Masuda-Marubeni IT Sol
commented
Since this requests of mine also seek the same functionality, I would appreciate it if you could consider them by combining the vote counts.
-
Kengo Masuda-Marubeni IT Sol
commented
I strongly support this idea.
If implemented, it would enable identifying the email addresses of users accessing via shared links. Currently, we can only trace to IP addresses, and some companies have completely banned open links due to this limitation.Additionally, by allowing the issuer to specify addresses or domain ranges capable of receiving OTPs when issuing links, it would be possible to create links that cannot be redistributed.
Recently, there have been cases where cloud links themselves are exposed on the dark web, and in such instances, the leaked link passwords are typically published alongside them. OTP-based links with restricted recipients are a powerful countermeasure against such scenarios.