Yes it is. 


In some instances, passwords are an appropriate security measure. However, asking a client to create credentials and remember their password for a system that they might only access once or twice is seen by many as a nuisance and could be a hindrance to engaging your client in an enjoyable user experience.  

Sometimes, a better approach is to provide a unique web address that they don't need to remember, and which others can't really guess. This is the approach used by many banks when undertaking electronic email transfers.

In BrokrBindr, you can invite clients to upload documents into their application. This is typically done by sending them a link with what is called a has key. This could look something like this: https://app.brokrbindr.com/#/share/FxeUYctL8QGs7Cyj.

Can a string like that be guessed? No, it can't.  

Don't believe me? Let's do the math.  

If we used as few as 6 characters in the random key, or even seven characters, some might be able to guess the key; someone could likely "brute force" a solution in a matter of hours. But that's not what we do.

We implement industry-standard security methods, based on randomly-generated 16-character strings. Each of those sixteen characters can be any of 64 different values (e.g. upper and lower case letters, numerals, some special characters, etc.). The number of combinations available (scientifically speaking) is 8 x 10 to the 28th power. That is about a 100 billion billion billion combinations, or about 100,000 times more combinations than there are stars in the universe.

Arguably, someone could write a program to try to "guess" the value. A very quick computer with a very quick internet connection could maybe make one guess every 20 milliseconds, or about 180,000 guesses per hour. This is even more requests than a standard server could process, and we would know that we were being "hacked", and could block the source of the hack in very short order.

However, even if we did allow a guessing program to make 50 guesses a second and to continue unabated nonstop for a year, the likelihood that his program could guess the string within that year is about one in 200 billion billion. This number is unbelievably large.

If someone wanted even a one-in-a-billion chance of guessing the string, their program would need to run for 50,000,000,000 years (50 billion years). That's about 4 times longer than the universe has existed.