Share Link Security

Share Links are designed for convenient, ad-hoc sharing of files and folders with external contacts. Files.com takes security seriously, so we provide features to protect your link from people you don't want to access it.

Site-Wide Sharing Settings for Security

Some security settings are available only for site administrators, because they affect the behavior of all Share Links within the site. Site administrators configure these settings to enforce best practices and comply with your organization's security program.

The Password protect all Share Links setting and the Apply password rules to shares, inboxes, and publicly served folders define password protection rules for all Share Links. The Enforce access control for all Share Links setting, and the Recipient email restrictions settings (Block known scam or free email domains and Additional email domains to block) control how Share Links are accessed, and who can be invited to access them. The Share Link expiration setting allows site administrators to enforce a maximum number of days before a Share Link is automatically removed.

The Auto-revoke Share Links for deactivated users setting allows automatic deactivation of Share Links owned by a user when that user is disabled or deleted.

Password Protection

You can secure each Share Link with a password. Password-protected shares will require visitors to enter the correct password in order to view and download the contents of the share.

By default, password protection of Share Links is optional, but site administrators can require passwords for all Share Links. When passwords are required for Share Links, users must supply a password while they are creating the Share Link. To prevent the use of weak passwords by your users, you can also require that passwords for links meet the requirements for user passwords.

When the site setting to require passwords for all Share Links is not enabled, users can still enable password protection within the settings for each their Share Links.

Password protection for Share Links is not compatible with email based one-time passwords because only one authentication type is permitted per share link.

Prefer password protection for your Share Link over one-time email passwords whenever your workflow means contacts view your Share Link embedded in another website or by accessing the link URL directly.

Email Based One-Time Password

The email based one-time password feature lets users offer a workflow that does not require distributing passwords for a Share Link while still protecting your link's contents from people other than the intended recipient.

The workflow for using an email based one-time password is designed to provide an extra layer of validation that the person visiting your Share Link is your intended recipient by verifying they have access to the recipient's email at the time of visiting. When they visit your Share Link, Files.com generates a new email to the recipient with a single-use password, and the link page requires that password to proceed. Each password is valid for only 1 use.

Email based one-time passwords are not compatible with standard Password protection for Share Links because only one authentication type is permitted per share link. Use the settings on your Share Link to enable either password protection, email based one-time passwords, or neither.

To ensure that only emailed contacts can access your Share Link, enable Access Control for your Share Link when you enable Email based one-time passwords.

Because email based one-time passwords require knowing the recipient's email before they visit the link, you must use email invitations to publish your link to recipients. This results in multiple emails being sent to each recipient. The first email is the invitation email, with the personalized URL the recipient must follow to access their Share Link. When the recipient visits their personalized URL, the Share Link One-Time Password email is generated and sent separately.

Because email invitations are required with the email based one-time password, you cannot use this feature with a Share Link that is embedded in a web page. Visitors who access the Share Link URL without following an invite cannot access the Share Link.

Access Control

Access control locks a Share Link to invited recipients and one web browser. Enabling access control prevents an invitation URL from working in more than one browser.

Access control prevents access; it does not remove access from a visitor to your share link.

What Access Control Enforces

Recipients must enter through an emailed invitation. Each invitation email contains a recipient-specific URL.

Each recipient gets a unique URL. Recipients do not affect each other, so inviting multiple people to a Share Link with access control allows each person to use the link in their own invitation email.

Each invitation URL maps to 1 invited email address, so activity using that URL is logged under that invited email address.

Files.com binds that URL to the first browser that opens it. That browser becomes the only browser that can use that URL.

Files.com does not verify that the human using the browser matches the email. This is because browsers do not know whether the person following the URL was the original recipient or whether the URL was copied or the email is forwarded.

Browser Binding and Link Reuse

When a recipient opens their invitation URL, Files.com stores a session identifier in the browser's local storage. That identifier ties the invitation URL to that browser.

When the invitation URL opens in a different browser, Files.com shows a message the invitation code has expired . Files.com sends a replacement email to the invited recipient with a new recipient-specific URL.

Files.com disables the original invitation URL after link reuse. All visitors who start start a new session at that URL see a message the invitation code has expired.

The browser that first opened the invitation URL keeps access through its existing session. To move to a different browser, open the newest invitation email in that browser.

Files.com sends at most 1 replacement email every 15 minutes. This limit applies per recipient per Share Link.

Common Scenarios When Access Control Is Enabled

Each recipient gets a unique invitation URL. Access control limits each URL to one browser session.

1. The first browser that opens the URL gets access. That browser keeps access through the same session.
2. Any other browser that opens the same URL sees a message that invitation code has expired.
3. Files.com emails the invited recipient a replacement URL. Files.com sends at most 1 replacement email every 15 minutes.

Scenario - Invitation Email Was Forwarded

We invite Bob to a Share Link. Bob forwards the email to Alice.

Alice clicks Bob's invitation link first. Alice gets access. Files.com logs the access under Bob's email address because the URL is tied to Bob.

Bob clicks the same invitation link later. Bob sees a message that the invitation code has expired. Bob cannot access the Share Link.

Files.com emails Bob a replacement link. Bob uses the new link to access the Share Link.

Scenario - Invitation Email Opened By Recipient and Forwarded Later

We invite Carlos to a Share Link. Carlos forwards the invitation email to Devina.

Carlos clicks his invitation link first. Carlos gets access.

Devina clicks the forwarded link later. Devina sees a message that the invitation code has expired. Devina cannot access the Share Link.

Files.com emails Carlos a replacement link. Carlos can still use the original link in the browser he used earlier until that session ends.

Scenario - Recipient Follows URL on Multiple Devices

We invite Ezra to a Share Link.

Ezra opens the invitation link on a work computer. Ezra gets access.

Ezra opens the same invitation link on a home computer later. Ezra sees a message that the invitation code has expired.

Files.com emails Ezra a replacement link. Ezra uses the new link on the home computer to access the Share Link. Ezra can still use the original link in the same browser on their work computer until that session ends.

Scenario - Recipient Uses Private Browsing

We invite Fiona to a Share Link.

Fiona opens the invitation link in a normal browser window. Fiona gets access.

Fiona opens the same invitation link in a private browsing window. Fiona sees a message that the invitation code has expired. Fiona cannot access the Share Link in the private browsing window.

Files.com emails Fiona a replacement link. Fiona uses the new link in the private window to access the Share Link. Fiona can still use the original link in the normal browser window until that session ends.

Scenario - Multiple Invited Recipients

We invite Gregory, Haeyoung, and Indu to the same Share Link. Files.com sends each recipient a unique invitation URL.

Gregory opens Gregory’s URL and gets access. Indu opens Indu’s URL and gets access.

Gregory’s URL does not invalidate Indu’s URL. Each recipient’s URL binds and rotates independently.

When to Use Access Control

Turn on access control when you already know who you intend to access your link, and the process starts from an invitation email. Access control requires using email invitations with your recipients.

Use access control for sensitive one-to-one or one-to-few sharing. Commonly, this means that a recipient forwarding the invitation email creates unintended access that you want to prevent.

Do not use access control for broad distribution. Do not use it when you will publish the Share Links's address on websites, chat channels, printed handouts, QR codes, or if you're embedding the link in your own site.

If you need stronger proof that the visitor controls the invited email address, enable email based one-time passwords on top of access control.

Enforce Access Control for All Share Links

Your site includes a setting to Enforce access control for all Share Links. When a Site Administrator enables the setting, all new Share Links enforce access control, which also means they require emailed invitations.

Enabling the setting does not change the settings for any Share Links that already exist. To apply access control to existing Share Links, edit each Share Link to change its settings.

Do not enable this setting when you want to publish any Share Link addresses on websites, chat channels, printed handouts, QR codes, or if you're embedding a link in your own site.

Configure Access Control for a Single Share Link

If your site does not enforce access control, set Access control per Share Link. Choose Allow access from anybody with the share URL or Only allow access from emails generated from Files.com.

Use Allow access from anybody with the share URL when you don't want to use email invitations for your Share Link, or when you will publish the link address to multiple people, or when you don't know beforehand who will visit your Share Link.

Use Only allow access from emails generated from Files.com for sensitive one-to-one or one-to-few sharing, and when you know who you will invite to your Share Link. Turning on access control for an existing Share Link blocks new, non-invited browsers. It does not end sessions that already opened the Share Link.

Remove Existing Access to a Share Link

Revoking a Share Link ends all active sessions for that Share Link. Create a new Share Link after you revoke.

To control who regains access, add a password to the new Share Link. Or enable access control and invite the right recipients.

Recipient Email Restrictions

You can restrict the domains that can receive Share Link email invitations. Site administrators can configure 2 Recipient email restrictions settings for your site - Block known scam or free email domains and Additional email domains to block control. Both lists can be used at the same time to form a comprehensive email domain blacklist. Because these settings apply to your entire site, they cannot be overridden for individual users or Share Links.

The Block known scam or free email domains setting lets you take advantage of Files.com's block list of thousands of known scam and free email domains. The list is refreshed regularly, and it is not published. Enabling the Block known scam or free email domains setting will automatically apply this block list to all emailed Share Link invitations, preventing your users from sharing with unapproved addresses.

For more fine-grained control, site administrators can manually supply your own list of domains to block, using the Additional email domains to block setting.

When using either or both block lists, it is highly recommended to also enable the Enforce access control for all Share Links setting for your site to prevent users from providing direct access to a Share Link URL.

The block lists are used only for restricting whether a link invitation can be sent. If your link does not require access control, web visitors can register using an address that is on either of the block lists.

Share Link Expiration Dates

Whether you're allowing visitors to directly access a Share Link URL, or if you require them to follow a link from an emailed invitation, you will usually want to limit how long a share link will be valid. Expired Share Links display an error message to web visitors, so they are not able to access the contents of the link.

Site administrators can configure your site's Share Link expiration setting, which can be used to force all Share Links to automatically expire a certain number of days after they are created. You can choose between Never expire shares or provide the number of days before each Share Link will expire.

When a site administrator has provided a maximum number of days in the Share Link expiration setting, every Share Link will have an Expiration date, and users can never override any individual Share Link to give it a longer lifetime than the site's maximum. Users can edit their Share Link's Expiration to any date earlier than the site's maximum setting. A Snapshot Share Link automatically enforces an expiration of 60 days after the Share Link is created; if the site's maximum expiration setting is less than 60 days, the site's maximum is used instead.

If the Share Link expiration setting for your site is Never expire shares, users can still choose to add an Expiration date to each Share Link. Snapshot Share Links will always have an Expiration date, which will never be more than 60 days after the link was created, regardless of the site's Share Link expiration setting.

Because Share Link expiration is set by a site administrator, it applies to all Share Links. Changing your site's Share Link expiration value to a shorter number will immediately expire any Share Links that have been active for more than the provided number of days.

Share Links that have passed their Expiration date do not appear in listings of Share Links, so you cannot re-activate an already expired Share Link to extend its Expiration.

Share Link Publish Date

Sometimes, it is helpful to create a Share Link before it will be used. The Publish date for a Share Link determines the earliest date that the link will work, allowing you to configure a Share Link before you wish to make it available.

If users do not set a Publish date for their Share Link, the link will be available as soon as it has been created.

Here's an example usage of the Publish date setting for a share link. Imagine you are hosting an in-person event, and you wish to provide a printed handout to attendees so that they can download materials. In order to provide your printer with the correct address or QR code, you must first create the link, but you don't want anyone to access those materials until the event happens. Set the Publish date for your link to the date of your event to prevent attendees from accessing those materials until the in-person event.

Limit Visitors

To guard against a Share Link being accessed too many times, you can designate a maximum number of visitors that can visit the Share Link before it is automatically disabled. The number of visitors is determined by browsing data, so a user who follows the link on multiple devices may be counted more than once. A user who visits the link multiple times from the same browser will usually only be counted as one visitor.