5 comments

[ 5.0 ms ] story [ 25.0 ms ] thread
I guess there are use cases where this is a useful service. Some such use cases should be described to make thing easier to understand.

I think that is it actually the URL that expires, not the password. Once you know the password, nothing prevent you to use it long after the link has expired. Unles s I missed something really big...

No, you put your finger on the elephant in the room.

The "temporary password" is more like a yellow sticky note: it curls up and fall off your terminal after 3 days, but you can still find it on your desk(top) if you look around.

The scheme only works if the user did not write the password down and did not save a copy of the unencrypted document / web site.

(comment deleted)
I agree that the passwords themselves don't expire. The meaning I'm trying to convey is that if you shared the URL in an email, for example, the password associated with that URL would no longer be accessible. It's quite likely the password itself has been written down. Perhaps a better marketing message is as you suggest, 'Password URLs that expire'