Password-Protected File Sharing

Password protection is a simple, familiar way to control access to shared files. With FileShot.io, the password is used to derive an encryption key so recipients can decrypt locally in the browser.

How it works

In password mode, FileShot doesn't “encrypt with your password” directly. Instead, your browser uses the password to derive a strong encryption key using Argon2id. This resists GPU/ASIC brute-force attacks and lets the recipient reproduce the same key locally by entering the same password.

The important privacy property is that the server doesn't need the password to deliver the file. It only stores and serves encrypted bytes. Decryption happens in the browser after the password is provided.

When to use password mode

Password mode is the most compatible option when you're sending links through platforms that might strip URL fragments. It's also a good fit when you need a human-friendly secret you can share over a separate channel.

What to share (and what not to)

A best practice is to share the download link and password via different channels. For example: send the link by email, and the password over an encrypted messenger. That way a compromise of one channel doesn't immediately grant access.

Best practices

Use a unique password per share when you can, and avoid reusing passwords from other services. If the file is time-sensitive, combine password protection with an expiration policy so the link doesn't remain a forever-capability.

And the sharp edge: if you forget the password, FileShot can't reset it for you. That's the point of a zero-knowledge design. If you need account-based recovery, you're usually trading away some of the privacy properties.