You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: There was a change from previous versions when sharing a folder via link. I tried to share a link for a small group of people with a password. In contrast to earlier versions, the password is now being checked for "quality" (e.g., too short, in list of known passwords).
Although I understand that usually it is a good idea to advocate for strong passwords, I am not so sure this makes sense in the specific use case of shared folders. One use case for such folders is to share files with a group of people like students, people on a conference etc., where the password is not strictly confidential anyway. It rather makes sure that the data cannot be collected by automated tools.
I also see that there are other cases where the shared data may be more sensitive, and stronger passwords would make sense. Perhaps a good solution might be to make the password checks optional (e.g., opt out).
Problems with the current implementation:
Setting a password at all is optional for shared folders. A "weak" password provides at least a mild barrier against automated data collection and has a legal function (e.g., sharing teaching material that contains copyright-protected images with a class). If setting "easy" passwords gets more difficult, this encourages people towards not setting any password at all
The way this is currently implemented, nextcloud shows a warning notification. If the password is not changed and the user confirms the shared link, the folder by default gets shared with no password at all. This introduces a new potential security issue.
Suggested solutions:
remove the password sanity check
provide an opt out or opt in setting for the security checks
The text was updated successfully, but these errors were encountered:
Version: Nextcloud Hub 8 (29.0.2)
Description: There was a change from previous versions when sharing a folder via link. I tried to share a link for a small group of people with a password. In contrast to earlier versions, the password is now being checked for "quality" (e.g., too short, in list of known passwords).
Although I understand that usually it is a good idea to advocate for strong passwords, I am not so sure this makes sense in the specific use case of shared folders. One use case for such folders is to share files with a group of people like students, people on a conference etc., where the password is not strictly confidential anyway. It rather makes sure that the data cannot be collected by automated tools.
I also see that there are other cases where the shared data may be more sensitive, and stronger passwords would make sense. Perhaps a good solution might be to make the password checks optional (e.g., opt out).
Problems with the current implementation:
Suggested solutions:
The text was updated successfully, but these errors were encountered: