My organization has created a URL for a Google Doc for others to share. The URL contains more than 100 characters....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Are there security issues in shortening the URL to six characters? Are there benefits to having long URLs?
Short URLs are designed for convenience, not for security. They contain a domain -- such as goog.le -- and five or six tokens.
Long URLs of 100 tokens or more are difficult to remember. They need to be copied and pasted from an email's message block into the URL address field. However, Twitter, for example, limits its users to 120 characters. Also, it is easier for users to remember a short URL and type it in the URL address field.
Friends and trusted collaborators use short URLs to share Google Docs and Sheets on desktops, tablets and smartphones. Users are not required to use passwords to view and edit these files. When using mapping services, users share locations and directions between, for example, home residences and medical facilities or physician offices.
An attacker can scan short URLs using brute-force searches. When the attacker discovers a short URL, running it exposes the long URL in plain view text. This exposure enables the attacker to inject, for example, malware into editable Microsoft Word and Excel files and scripts for images and videos.
Microsoft OneDrive and Google Drive are two primary cloud storage services that generate long URLs. Cloud-stored files are automatically copied to a user's personal computers, tablets and other devices. These include files the attacker injected with malware in the cloud.
Beginning in September of 2015, newly created short URLs for Google Maps have a token of 11 or 12 characters. This makes it more difficult and time-consuming for the attacker to scan the URLs by brute-force, discover a short URL and exploit the content behind it.
On March 2016, Microsoft removed the shorten link option from OneDrive. All previously generated short URLs are vulnerable to scanning and malware injection.
Longer tokens in short URLs are not available for Google Docs and Sheets. Enterprises and users should continue to use long URLs.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Learn how to detect malicious shortened URLs
Discover the security risks of URL-shortening services
Find out how to prevent data loss in Office 365
Dig Deeper on Web browser security
Related Q&A from Judith Myerson
A swatting attack resulted in the death of a Kansas man. Expert Judith Myerson looks at the technology these attacks use and what can be done to make...continue reading
The Devil's Ivy bug affects millions of internet-connected security cameras. Expert Judith Myerson explains how the exploit works and what can be ...continue reading
An IoT botnet attack on Huawei home routers showed similarities to the Mirai malware. Expert Judith Myerson explains the threat and how enterprises ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.