One-Time-Password to e-mail, so user can download files from a folder

Hi,

need some advice because I am unsure: I want to share a folder with a group with known e-mail addresses. If a user wants to download the files in this folder, she/he gives her/his e-mail address and receives a one-time password per e-mail on this address. With this password she/he can log in once to the folder on my Nextcloud and is able to download the files.

Which Nextcloud app could I use to achieve this? Is there an app?

I am stuck and would appreciate a hint.

Thank you very much.

The share function is part of the base package and doesn’t require an additional app to be installed. Just configure the share function as you want, set e.g. if a password is required by default or how long a share should be valid, and then share a file/folder.

A given password is always valid for the defined period of time and therefore isn’t a real on-time-password.

1 Like

Yepp I found this. But I want to send the password to the user automatcally when he enters his e-mail address into a field. Then he gets an e-mail with the passwort that is valid for one day to enter this folder. Is this possible?

No automatic email option is available (yet?), so just the manual method is all you can do now - creating the password and sharing it via a separate mechanism.

1 Like

Perhaps you like the Guests App. You do not need a password because the user defines the password. Because of security reason it makes no sense to send a url and a password to the same email-address (in one or two emails). That is stupid.

It also makes no sense to define a only-one-download. Afterwards the user can copy all million times.
If you need it search “burn after reading” e.g. https://privatebin.net
Also search Jirafeau and FileShelter
Would be a nice nextcloud app. Perhaps someone like to program it.

Perhaps you can write a cron process to delete all guest users at midnight :wink:
Also you can delete manually the guest users or the shares to guests.

https://apps.nextcloud.com/apps/guests

2 Likes

Why Nextcloud does not have OTP to email sharing like OneDrive? It’s very useful to prevent reshare with permanent password. Share with permanent password is stupid share.
https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/introducing-a-new-secure-external-sharing-experience/ba-p/112624)

Why not? The email is only the way to the storage place. If you use real user on your nextcloud you can also activate OTP.

The advantage of Microsoft is only that almost sender and receiver has got a Microsoft account and mostly a Microsoft client or another OTP. Also see at Google with Android and Apple with iOS. Or Amazon who owns almost all billing information of the world.

Yes. You do not need Nextcloud. Microsoft can make it better.
Also you need no supermarkets. Amazon makes it better.

This feature does not add much security. Once you have shared something with someone, it is out of your control what happens to it. End of story! The user can download it, he can copy it 100000 times and redistribute it, he can print it, he can take screenshots, he can take pictures with his cell phone, he can show it to other people on his screen etc…

If you want to have more control over who can log in to these shares, I’m afraid you have to go the extra mile and create real accounts for these users and enforce 2FA. But feel free to make a feature request on GitHub or better a pull request if you absolutley need a feature like that… :wink:

1 Like

@datenteiler

If you want to control the data you can read secure view. Perhaps this can give you additional security.

Yup, but keep in mind…

Note that this feature will prevent most normal users from downloading the content but keep in mind how the web works: If you can see something on it – it is there and it can be copied by users with more technical skills. Secure view restricts the ability to download the file but this can be worked around with screenshots and browser tricks. Moreover, it has to be supported by Nextcloud apps, and most don’t support this yet. Think of the PDF viewer, gallery app and so on. Collabora and ONLYOFFICE have both implemented support for this, however, see below.

…and it is not that hard to get the the actual link to the file that downloads it. For real protection you would need some kind of DRM. And we all know how well that works for the movie and music industry :wink:

Here is a good video for secure view (Collabora Online / OnlyOffice). It is watermarking and not only a hide of the download. It does not work in Nextcloud Files. You must use an office software (Collabora Online / OnlyOffice).