Hilfe Center

Tips and information on security settings in netfiles

netfiles uses extensive technologies for the security and protection of content in the netfiles data rooms. In addition, we recommend further measures and behaviors for users and administrators.

Access rights and user groups

In a newly created netfiles data room, only administrators initially have access to folders and their contents. Users or user groups can only access content once administrators have granted the corresponding access rights. Individual access rights can be set for each folder and each document. For reasons of security and handling, access rights are only assigned to groups and not to individuals. User groups to which no access rights have been assigned see neither folders nor files and their contents. Administrators can use the “Accessible documents” function in the “Groups and users” area to check the access rights for all groups and users. Users generally have no access to administration/settings and the information area in the netfiles data room.

Password strength

The strength of the passwords assigned by users is of great importance for the protection of data in the netfiles data room. A key factor for security is the length of the password. The more characters a password contains, the more possible passwords there are. This makes it very difficult or practically impossible for an attacker to guess a password by trial and error. netfiles recommends a password length of at least 10 characters. The so-called character space is also important for password security. A secure password should ideally consist of upper and lower case letters, numbers and special characters. Passwords should never be stored unencrypted on a computer or written down on paper. If you use many online accounts, we recommend using a password management program (password manager) to store and manage passwords securely. Such software usually also contains a function for generating secure passwords. You can also define complex and therefore secure passwords yourself using the following method, for example. Think of an easy-to-remember sentence and use the first or last letter of each word. Replace individual letters with numbers or special characters. Here is an example:
Sentence: “I spent my best vacation in Rome in 2005”
The first letters result in: MsUhiiRiJ2v.
The “i” in “me” is replaced by “!”.
The password is MsUh!iRiJ2v. Do not use a literature quotation or similar, but make up the sentence yourself. Do not use the same password for different online services. Otherwise, there is a risk that an attacker could use a stolen password to gain access to several of your online accounts (e.g. bank account and e-mail address). Do not send passwords by e-mail.

As a rule, emails are sent unencrypted and can be read by third parties on their way through the Internet.

Password guidelines

In netfiles, administrators can set mandatory requirements for the strength of the passwords assigned to users in the “Data room settings” under “Password policy settings“. The following minimum requirements for password strength can be defined: Minimum password length
Password must contain special characters.
Password must contain numbers.
Password must contain upper and lower case letters.

2-factor authentication

We also recommend activating 2-factor authentication (login verification) in the data room.
Users must then enter an additional security code in addition to the access data (user name/email address and password), which is sent to the user’s cell phone via SMS or Authenticator/OTP app. The code is only valid for one login. To gain unauthorized access to a user’s data, an attacker then needs not only the user name and password, but also the user’s cell phone. Administrators can activate 2-factor authentication (login verification) in the “Data room settings” section and then “Security“.

Automatic logout

Unauthorized access to your computer while you are away from your workstation is another potential risk. This is why netfiles automatically logs users out after 30 minutes of inactivity. Administrators can specify shorter or longer periods for this automatic logout in the “Data room settings” under “Security”.

Login activity

If you suspect that your login data has been used to access the netfiles data room without authorization, you can check this with the help of the logged logins and activities. To do this, click on “My login activity” under “Information” on the left. Administrators can also view all activities in the data room in the Information activity logs area.