Improving security during file sharing: password protection and encryption

Sites like for example Ge.tt make file sharing real easy but if you’re sharing an important file (e.g. sensitive financial data), just passing a shared file’s URL to your recipient isn’t very secure – anyone can get at your data if there’s no password protection or encryption at the sharing site. If you’ve emailed the link to your recipient, that can have security issues as Lifehacker explained in a post today. You have no control over the recipient’s server and they may download your attachment from an unencrypted HTTP connection (i.e. not HTTPS). Clearly for the most sensitive data there’s no substitute to passing it on in person if possible, but failing that there’s a couple of options you can try to improve security during file sharing.

Password protected file sharing

There are a number of sites which offer password protected file sharing and I’ve just picked out a couple. For example Wikisend

file sharing1

The service is free and you can share a file up to 100MB with password protection. Obviously sharing the link and the password in the same email is not the smartest idea so you should really try to send the password to your recipient by a separate route for security.

Another service is divShare

file sharing2

With their free account, they offer up to 5GB of storage and 10GB downloads/month.

File encryption

Another route to secure file sharing is to email the encrypted file to the recipient but again sending the password separately. The encryption plus the need for a (strong) password to decrypt it should deter any snoopers on hosting servers.  I use the free utility AxCrypt to encrypt all sensitive files on my computer. And when you right click on a file to encrypt it, you get the option to Encrypt a copy to a EXE. This creates a password protected self-decrypting exe file which you can email to your recipient. They don’t need to have AxCrypt installed to decrypt the file, just the password. Again, send the password separately. Another possibility would be to use the archiving utility 7-Zip to create a password protected encrypted archive with your file or files.

Dropbox

The Lifehacker article mentioned above notes that Dropbox offers encrypted transmission for file storage and sharing. You and your recipient can set up a shared Dropbox folder. Anything you put in that folder would travel encrypted from your Dropbox folder to Dropbox’s servers to your recipient’s Dropbox folder. In a blog post today on Download Squad, they note that Views.fm can let you create public or private shares of your Dropbox folders. Private shares are only accessible to people you invite via email, and you can see and edit who has access right from your Views.fm shares list.

So there’s some thoughts on secure file sharing… or at least securer file sharing. It’s clearly not perfect with distribution of passwords to access shared file an area of concern. So do you secure your shared files in any way? Drop a comment below with your thoughts.

2 Responses

  1. mercer Says:

    I Started using TAWKLE . it offers unlimited uploads and downloads and its for FREE

  2. Jon Taylor Says:

    I find it interesting that you’ve looked at online file sharing websites and then looked at encryption as a separate offline task.

    I’ve built a website that does public/private key encryption in the browser, so you get the benefits of a simple “access anywhere” website, while at the same time not having to trust the host with your data as its encrypted before it reaches our servers.

    If you are interested in it please send me an email, and if you wanted to write about it then i’d be happy to talk you through some of the other more complex points.

    Cheers

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment. Please do not use keywords in the Name field. Comments must relate to the post topic. This website is here to help people, not for advertising purposes.

Please complete puzzle and then submit your comment *
Time limit is exhausted. Please reload CAPTCHA.

` `