In v3.4, is the "Access Pass" secure method a NEW option or has it replaced the previous secure method that used email validation? This seems like user name /password access where the Access Pass should not ever be shared? Is that correct or are we missing something? I guess we really wanted to know is HOW is the Access pass method secure (or more secure) than the previous email validation method? Are there any other secure options we can use for our recipients to access files/messages we send? We've typically not had our recipients create accounts and login to our server and wish to keep it so.
I paste here the Johan's answer to your same question in the ticket: Access Pass is a slightly less secure method of authenticating users than the previous email validation, mostly because users on default can reuse the same access pass for a week. This is configurable in Admin -> Configuration -> Settings. If you want a more secure method of authenticating users, it’s best to create user accounts for external users as well. In Admin -> Configuration -> Settings, there’s a setting to require external users to create user accounts. Once users have accounts, you can add things like two-factor authentication and similar to make authentication a lot stronger if that’s what you require.
