Second Password Policy for shares

[ingroxd]

How to use GitHub

• Please use the 👍 reaction to show that you are interested into the same feature.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Is your feature request related to a problem? Please describe.
Users get always frustrated when they want to set a password for their shares and prefer not to set a password at all, diminishing the overall security of their files.

Describe the solution you'd like
It would be great to have another Password Policy which applies only for shares.

Describe alternatives you've considered
I considered:

• enforcing the passwords for shares, but it would take the User Password Policy which is a bit too restrictive for a daily use.
• Lowering the Password Policy, but it is not a desiderable solution because also users account are affected.

Additional context
I set the Password Policy to a likely high standard, because all of the users make use of Password Managers.
Of course a high password policy can be unproductive when you have to share a file with a regular user and/or need to do it quickly.

The solution that I think would work best is to have another Password Policy for shares, in order to lower it just for shared files.
The reason why I think would be better is that other security features are in place, like:

• The link must be manually shared with people;
• There's an expiration date enforced;
• There's a flag for the upload feature.

Plus, having another Password Policy would prevent admins from lowering the User Password Policy which I guess is not a desiderable solution.

At the moment the only Password Policy we have seems to explicitly refer to users (option User password history).

[kesselb]

nextcloud/password_policy#117