"Require recipients to log in"

  • 1
  • Question
  • Updated 2 months ago
I can't seem to find any support information on this.
When using Email with ShareFile to share a file, one of the Message Options is Require recipients to log in - which has the default setting of not checked. What happens to the shared file if that option is not selected? I assume it is still encrypted when uploaded to ShareFile's servers. But, if the recipient is not required to log in, then they must not have to create a username and password in order to access the file. And they could forward the ShareFile notification email to (or it could be intercepted by) anyone else who would also be able to access the file unimpeded. It seems counter-intuitive for a secure file transfer service to have as a default setting the ability to send a file to anyone without requiring them to log in to access it. What am I missing?
Photo of steve.aldrich

steve.aldrich

  • 6 Posts
  • 0 Reply Likes

Posted 8 months ago

  • 1
Photo of Ross Bender

Ross Bender

  • 60 Posts
  • 10 Reply Likes
When login is not required, essentially it creates a public anonymous share. Anyone with the link can access it
Photo of steve.aldrich

steve.aldrich

  • 6 Posts
  • 0 Reply Likes
Thanks for the reply, Ross.

That's what I was thinking. So, the default action is to send files anyone can access? The question has been asked "Isn't the file encrypted?" My response has been, it may very well be encrypted while sitting on ShareFile's servers. But when someone clicks the link to download the file, they get the original, unencrypted file. Correct?
Photo of Leo

Leo, Official Rep

  • 382 Posts
  • 25 Reply Likes
Hi Steve,

Files are stored in an encrypted state on the storage server, but downloading it decrypts the file as part of the download process.

-Leo
Photo of ajbmd neurology

ajbmd neurology

  • 8 Posts
  • 2 Reply Likes
A secure file service should always treat everything as secure by requiring that anyone downloading a file is at least recognized as an individual (another issue with anonymous downloads)....so the default setting should always be that a user is required to login to view it,   If one provides an option for a "public accessible link"  then a big huge red warning box should show up making sure the User knows what they are doing.  But the default should be that access requires a login,  There is no fee for a person to create a user ID to view files, so this should not be an issue.  Its one more reason why if you look at the Podio workspace paradigm, where you invite named people in who need to login to view, its so powerful and adaptive.
Photo of steve.aldrich

steve.aldrich

  • 6 Posts
  • 0 Reply Likes
I agree about what the default should be. And I know I can make that a system-wide setting. But...
Believe it or not, I have clients who don't want to have to log in because they have too many secure logins already and can't remember all their passwords. Another issue I have to deal with is with over-protective companies that block incoming messages from secure file transfer sites, but that's another story. Or people who insist on sending us spreadsheets filled with personal data through open e-mail even though I provide them with a link for secure file transfer. Maddening!
Photo of John Taylor

John Taylor

  • 9 Posts
  • 1 Reply Like
Our user community was forced to require a login and password when anyone access a file through ShareFile.  Still hear complaints why can't we be like DropBox.  ShareFIle is superior and like its capabilities.

Problem occurs when someone uses "Get a Link", sets the duration longer then our default one week, no requirement for an authenticated login and they forget about the link, add additional folders and place confidential information. The potential existed and access to require a login was implemented, "Get a Link" was removed. 

Agree with a previous commenter, if there was a "public" access folder then access should be preceded with huge warnings regarding anonymous access. Personal Folders, Shared Folders and Public.

Today Cyber Security demands control and auditing of who is accessing Company files. We now know when files are accessed and by whom.  It is not much good if you have encrypted storage controllers, encryption in transit when access is anonymous when certain links (Get a Link) are forwarded to unauthorized people.

As far as clients forgetting their password, will say ShareFile has the ability for those who forget to easily reset their passwords. 
(Edited)
Photo of Danny Sanchez

Danny Sanchez

  • 1 Post
  • 0 Reply Likes
If I have already shared a link and then I notice that I didn't check the box requiring authentication. How can I  change that property in an already shared link?. 
Photo of ajbmd neurology

ajbmd neurology

  • 8 Posts
  • 2 Reply Likes
One of the reasons I use Podio so much more, with sharefile as the file storage behind it when needed, is that its mobile app engages people so easily that the issue of enterprises, etc becomes much less