Revolving around the core of technology
From a security perspective, it would be far better to have the password field set as required when creating a public link. As it stands now, a public link can be created without a password for either uploads or downloads, which is a serious security flaw. If a user creates a public link and emails the other party, any clear text message can provide anyone sniffing a network with a username that will allow access if the email is not sent over an end-to-end secure link. We are asking our users to make sure they assign a password and then send the password completely separate from any other communication without reference to what it is or what it's for. We also recommend tat it would be preferable to either call the other party or text the password.
It would be acceptable to have the option to make the password mandatory on a user by user basis.
Thank you.
Rob,
We can certainly give you an option that makes this field mandatory. Let us know if you want this feature before the next version is publicly released.
That would be great! The sooner, the better. Thanks.