One-Time Password (OTP) secured public file sharing is now available in Cerberus FTP Server 13.2. With this release, users have the ability to restrict and track access of public file shares from the web-client with a new security option that restricts access to the share based on email address and a one-time password. This new security option allows finer-grained control than previously possible and allows users to track activity on their public shares.
What is a One-Time Password (OTP)?
A one-time password (OTP) is an alphanumeric on-demand generated code that is only valid for a single use. In the case of Cerberus FTP file sharing, this is a configurable password that is generated and emailed to the file share user (guest). This confirms that the guest is who they say they are by showing they have access to the email address. Once an OTP is entered, it is no longer a valid code to get into the file share at another time. This makes it impossible for someone to attempt to use the same code again. OTPs generated by Cerberus FTP Server are also time-locked (tOTP), meaning they are valid for only a short window of time. This prevents old, unused codes from being used at a later date.
How to use an OTP File Share
There are three primary entities involved in using an OTP file share:
- Administrator: This is the server administrator. They control the settings of the OTP and configure how this feature is used. This includes information on share configuration, and new reporting features. See the Administrator OTP guide
- Client: This is the user of Cerberus FTP Server. If allowed by the Administrator, they may enable OTP while creating a Public Share. When enabled, a list of Guest emails is added to the Public Share. The Guest list can be managed by the Client. See the User OTP guide and the full User Public Share guide
- Guest: These are the allowed users for an OTP-enabled Public Share. They are identified by their email address, and are allowed access to the share by entering a valid OTP code. See the Guest OTP guide
Read through these documents from the point of view of a specific entity to understand this new feature
This is a great new security feature available in Cerberus FTP Server 13.2 Enterprise edition. To learn more about all of the new features in Cerberus FTP Server 13.2, check out our release notes here. Feel free to contact us and give us feedback on your Cerberus FTP Server experience.