Password-Protected Sharing

When sharing audio files publicly, you may want an extra layer of security beyond just having the link. Password protection ensures that only people with both the link and the password can access your content.

What Is Password Protection?

Password protection is an optional security feature for public shares in Feedtracks. When enabled:

• The public link remains active
• Visitors must enter the correct password to access the content
• Passwords are securely stored using bcrypt hashing
• Each share can have its own unique password

What Can Be Password Protected?

You can add password protection to:

1. Individual Tracks

Protect a single audio file shared via public link.

2. Playlists

Require a password to access an entire playlist of tracks.

3. Folders

Protect all contents of a folder shared publicly.

4. Shared Drives

Add an access password to entire shared drive access.

How Password Protection Works

Security Implementation

Feedtracks uses industry-standard security for password protection:

1. Your password is never stored in plain text
2. When you set a password, Feedtracks generates a bcrypt hash
3. The hash is stored in the access_password_hash field
4. When someone enters a password, it’s compared against the hash
5. Only matching passwords grant access

What this means:

• Even database administrators cannot see your passwords
• Passwords cannot be recovered, only reset
• Brute-force attacks are computationally expensive (bcrypt is slow by design)

Access Flow

When someone visits a password-protected link:

1. They see a password prompt screen
2. They enter the password you provided
3. Feedtracks hashes their input and compares it to the stored hash
4. If the hashes match, they gain access
5. If not, they see an error and can try again

Setting a Password on a Public Link

For Tracks

1. Open the track you want to share
2. Click the Share button
3. Toggle Make Public to enable public sharing
4. Toggle Require Password to enable password protection
5. Enter your desired password
6. Click Save or Create Link
7. Copy the public link to share

For Playlists

1. Open the playlist
2. Click the Share button
3. Toggle Make Public
4. Toggle Require Password
5. Enter the password
6. Click Save
7. Share the public link

For Folders

1. Navigate to the folder
2. Click the Share button
3. Enable public sharing
4. Enable password protection
5. Set the password
6. Share the link

Sharing the Password with Recipients

After setting a password, you need to communicate it to your recipients separately:

Best Practices for Password Distribution

✅ Do:

• Send the password via a different channel than the link (e.g., link via email, password via text)
• Use a secure messaging app for the password
• Verbally communicate simple passwords for in-person collaborations
• Use password managers to share complex passwords securely

❌ Don’t:

• Include the password in the same email as the link
• Post the password publicly on social media
• Use extremely weak passwords like “1234” or “password”
• Share passwords over unencrypted channels for sensitive content

Example Workflow

Email:

Hi team,

Here’s the latest mix: [public link]

I’ll text you the access password separately.

Text message:

Password for the track link: MixFinal2024!

Changing or Removing a Password

To Change a Password

1. Open the item (track, playlist, or folder)
2. Go to Share Settings
3. Enter a new password in the password field
4. Click Update
5. The old password immediately stops working
6. Notify recipients of the new password

To Remove Password Protection

1. Go to Share Settings
2. Toggle Require Password off
3. Click Update
4. The public link now works without a password

Note: The public link URL remains the same whether password protection is on or off.

Multiple Shares with Different Passwords

Currently, each item can have only one password set via the access_password_hash field. However, you can achieve multiple passwords by:

Creating Multiple Share Links (Future Feature)

If you need different passwords for different groups:

• Create separate share links with different passwords (if your subscription supports multiple links per item)
• Share Link A with password “ClientA2024” to Client A
• Share Link B with password “ClientB2024” to Client B

Alternative: Use Access Levels

Instead of multiple passwords:

• Invite specific collaborators with email-based access
• Use access levels (Admin, Editor, Viewer) for granular control
• Reserve password-protected public links for external recipients

See Understanding Access Levels for details.

Combining Password Protection with Expiration

For maximum security, combine password protection with expiration dates.

Setting Up Combined Protection

1. Enable public sharing
2. Enable password protection and set a password
3. Enable Expiration and set a will_expire_on date
4. Share the link and password

Benefits

• Time-limited access: The link stops working after the expiration date
• Password security: Only people with the password can access before expiration
• No manual cleanup: The link automatically expires

Use Cases

Client review cycle:

• Share a mix with password protection
• Set expiration for 7 days from now
• Client can review during the week
• Link automatically expires after the deadline

Temporary collaboration:

• Share files with a freelancer for a project
• Set password for security
• Set expiration for project end date
• Access automatically revokes when project completes

Password Best Practices

Choosing Strong Passwords

Good passwords:

• ✅ Mix of uppercase, lowercase, numbers, and symbols
• ✅ At least 12 characters long
• ✅ Unique (not reused from other services)
• ✅ Not based on dictionary words
• ✅ Example: TrK$mix47_Final!

Weak passwords:

• ❌ Short (less than 8 characters)
• ❌ Common words (“password”, “audio”, “track”)
• ❌ Sequential (“123456”, “abcdef”)
• ❌ Personal info (your name, birthday)

Context-Appropriate Security

Match password complexity to content sensitivity:

High security (mastered album before release):

• Long, complex password
• Change password after each share
• Combine with expiration dates
• Send password via encrypted channel

Medium security (client review):

• Moderate complexity
• Unique password per client
• Set reasonable expiration (1-2 weeks)

Low security (sharing with friends):

• Simple but not trivial password
• Easy to communicate verbally
• Longer expiration or no expiration

Password Management

Use a password manager:

• Generate strong random passwords
• Store passwords securely
• Share passwords with specific people
• Examples: 1Password, Bitwarden, LastPass

Keep a record:

• Note which password goes with which link
• Document passwords in your project notes
• Store passwords separately from links

Troubleshooting

Recipients can’t access with the password

Possible causes:

• They’re entering the wrong password (check for typos, case sensitivity)
• You changed the password and didn’t notify them
• The password was copied incorrectly (extra spaces, wrong characters)
• The link has expired

Solution:

• Verify the exact password you set
• Resend the password via a different method
• Check if there are hidden spaces or formatting issues
• Verify the link hasn’t expired

I forgot the password I set

Unfortunately: Passwords cannot be recovered because they’re stored as hashes.

Solution:

• Set a new password in Share Settings
• Notify all recipients of the new password
• Consider using a password manager to avoid this in the future

Password protection isn’t working

Possible causes:

• Public sharing isn’t enabled
• Browser cache issues
• Network or server issues

Solution:

• Verify Make Public is toggled on
• Verify Require Password is toggled on
• Try accessing the link in an incognito/private browser window
• Check if the password was saved correctly

Need to give access without changing the password

If you can’t share the existing password:

• Temporarily disable password protection
• Have the person access the content
• Re-enable password protection with a new password

Better approach:

• Use email-based invitations with access levels instead
• This gives you per-person access control without shared passwords

Someone is sharing my password

Solution:

• Change the password immediately in Share Settings
• Only send the new password to trusted recipients
• Consider using email-based access with individual accounts
• Set an expiration date to limit the exposure window

Password Protection vs. Access Levels

Understanding when to use each:

Use Password Protection When:

• ✅ Sharing with people outside your organization
• ✅ Recipients don’t have Feedtracks accounts
• ✅ You need quick, temporary access control
• ✅ You want simple “password + link” sharing

Use Access Levels When:

• ✅ Sharing with team members or regular collaborators
• ✅ You need granular permissions (view, edit, admin)
• ✅ You want per-person access control
• ✅ Recipients have or can create Feedtracks accounts

Combining Both:

• Invite core team members with access levels
• Share password-protected public links with external reviewers
• Example: Studio team has Editor access, client gets password-protected Viewer link

Security Considerations

What Password Protection Protects Against:

• ✅ Casual link sharing (someone forwards your link)
• ✅ Search engine indexing (bots can’t access password-protected content)
• ✅ Accidental discovery (link alone isn’t enough)

What It Doesn’t Protect Against:

• ❌ Determined attackers with significant resources
• ❌ Recipients who download and reshare the audio files
• ❌ Screen recording or analog capture

Additional Security Measures:

• Use expiration dates for time-limited security
• Combine with access level restrictions
• Revoke public sharing entirely when no longer needed
• Monitor access logs if available
• Use watermarking for pre-release content (external tool)

Related Articles

• Creating Public Share Links
• Understanding Access Levels
• Inviting Collaborators
• Making and Managing Playlists