Sending the link and the password in the same email message - Secure?

Hi community,

I’m working for a company that has a need for a solution to transfer big files with a lot of privacy sensitive information to external recipients. I have suggested to use Nextcloud for that. It’s working fine and a lot of my colleagues are happy users. However one of them has notified me of the availability of the outlook email plugin for Nextcloud. I’ve watched the demo video which has left me with a question. I’ve seen that the plugin integrates outlook with the Nextcloud storage by generating a link and a password that is automatically placed in an email message and sent to the recipient. I’m wondering what exactly the security model is behind this solution. In my opinion is sending a link along with the password in one email not a very secure solution. I prefer to send a link with email and send the password through a different channel (SMS, Whatsapp etc). Even sending the password in a second email is not very secure. Why would the “man-in-the-middle” have only access to the first and not to the second email?

your thoughts please?

You could encrypt that email for more security, or do what you said which is send the password through a separate channel.
The fact that the share even has a password prevents any bots or anyone who gets ahold of that link from downloading the content unless they also get the password. The only people getting that would be either the intended recipient of the email or anyone snooping on that account.
My guess is that the Outlook plugin can only do so much, and wouldn’t be super useful if it didn’t put the password in the email (it can’t send a text message, etc.). It’s not the most secure way possible, but it’s a pretty good default.