Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. Data associated with a user account is stored at the cloud-based storage service. A portion of the data is associated with a heightened authentication protocol, a first request receiving, at the cloud-based storage service, for an application to access data that is associated with the heightened authentication protocol. The first request is authenticated based on the heightened authentication protocol. In response to authenticating the first request, permission is granted to the application to access the data that is associated with the heightened authentication protocol. The permission is time-limited. It is determined that the application is editing the data that is associated with the heightened authentication protocol. Permission for the application to access the data while the application is editing the data is temporarily extended.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. Data associated with a user account is stored at the cloud-based storage service. A portion of the data is associated with a heightened authentication protocol. a first request receiving, at the cloud-based storage service, for an application to access data that is associated with the heightened authentication protocol. The first request is authenticated based on the heightened authentication protocol. In response to authenticating the first request, permission is granted to the application to access the data that is associated with the heightened authentication protocol. The permission is time-limited. It is determined that the application is editing the data that is associated with the heightened authentication protocol. Permission for the application to access the data while the application is editing the data is temporarily extended.