Starting in Cerberus FTP Server 13.2, users, if permitted, can create One Time Password (OTP) shares. This feature allows greater control over who can access shared content by confirming a guest’s identity via an email message.
When a Web Client user has shared a file or folder, the recipient will be prompted to provide their email address. When they visit the link provided to them, they will see a screen like the one shown below:
OTP Authentication Screen
If a password is required, the recipient enters the password in the Password box. The password is case sensitive and must be entered exactly as provided.
Next, they enter their email address. The email address is not case sensitive, but must be the same email address the Web Client user entered when creating the share. The recipient must be careful to enter the correct email address because guessing too many addresses could block then from accessing the share.
Once the recipient has entered the necessary information and clicked the “Request OTP” button, an OTP code will be emailed to them at the email address entered. The email contains the code that must be entered and how long the code will work before it expires and a new code needs to be sent. The recipient copies the code and pastes it into the Code field as shown in the screenshot below. Note: only the last code sent will be accepted - if multiple codes have been requested, only the last code sent is accepted.
If the code entered does not work, or if one hasn't been received within a few minutes, a new code can be requested by clicking the “Resend Code” button. There is a limit to the number of codes that can be requested before the recipient would have to wait twenty minutes to try again. If accessing the share is time sensitive, the recipient can contact the Web Client user to release the wait time early.
Entering too many incorrect codes will also lock the recipient out of the share. For security reasons, this lock will not automatically reset, the recipient must contact the Web Client user who sent the share to unlock access.
After entering the correct code and clicking the “Submit” button, the recipient is granted access to the shared file or folder.
When the recipient is done accessing the share, it is recommended to logout to prevent any further access to the information. The “Logout” button is located in different places depending on whether they are accessing a File or a Folder share as shown in the screenshots below.
File Logout Folder Logout
There is a limit on how many OTP codes that can be sent in a given amount of time. If the recipient clicks Resend Code too many times, their account will be paused and they will need to wait the specified time before trying again. An example for a shared folder is shown in the screenshot below.
Resend Code Limit Exceeded
After waiting the time shown, the recipient can click Refresh to return to the OTP Code Prompt screen. If accessing the share is time sensitive, they can contact the Web Client user that created the share to reset their access early..
If an incorrect OTP Code is entered too many times, the recipient will be locked out from accessing the share. In this case, they must contact the Web Client user who shared the file or folder in order to reset their access to the share. An example of this error message for a shared folder is shown below.
Access Locked Out
If the system cannot send the OTP Code or if the recipient's account no longer supports sending emails, they may receive a general error. An example of this error message is shown in the screenshot below.
In this case, the recipient needs to contact the Web Client user who shared the file or folder. Nothing can be done to access the share until the Web Client user has resolved the issue on their side.
Finally, there is a general block. If the recipient tries to guess the email address, provides the wrong password for a share, or otherwise abuses the system, the recipients' IP address will get blocked. In this state, there are no error messages. The recipient's browser will no longer be allowed to do anything on the site until the block is released. In this case, the recipient will typically need to wait a couple of hours for the block to be released before they can try again. In some cases, the Cerberus admin will have set IP's to block permanently, in which case the recipient will need to contact the creator of the public share to get their IP unblocked.
Blocks can be confusing, but are important to ensure the system is available for valid users and guests. So it is important to emphasize to recipients that will be getting your shares that if they are unsure what email address they authorized, they should ask the Web Client user that created the share to confirm what email address they have. Also, they should take care when entering or copy/pasting the share’s password.