Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
IT

Dropbox is Working On Its Own Password Manager (androidpolice.com) 22

AndroidPolice: Dropbox just unceremoniously dumped a brand new app on the Play Store with no fanfare or formal announcement. The new Dropbox Passwords app, according to its listing, is a password manager available exclusively in an invite-only private beta for some Dropbox customers. Based on screenshots and description, the app seems pretty barebones -- or "minimal," depending on your tastes. Dropbox seems to intentionally avoid calling it a "password manager," though its functionality otherwise appears about the same as other solutions. Like other password managers, Dropbox Password can generate passwords for new accounts as required and sync them remotely so you can access all your passwords on multiple devices. It also uses zero-knowledge encryption to store those passwords remotely.
This discussion has been archived. No new comments can be posted.

Dropbox is Working On Its Own Password Manager

Comments Filter:
  • Is when will they add an email client (http://catb.org/jargon/html/Z/Zawinskis-Law.html).
  • It would be good form if the submitter linked to the application's source code.
  • It can’t be a Zero Knowledge encryption system to store the password. The entire point of a Zero Knowledge system is that the password is not stored or transmitted, nor is it recoverable at the remote end.

    Most Zero Knowledge protocols that I know of are time-bound as well so you can’t just generate the token for a given use and dispose of the password. Besides, it’s a password manager, people will want the passwords back!

    • The entire point of a Zero Knowledge system is that the password is not stored or transmitted, nor is it recoverable at the remote end.

      I think you confused yourself with your use of "password" instead of "key" in the quote I pulled. In zero knowledge encryption, the key is neither transmitted to nor recoverable by the party receiving the encrypted data, that is, you generate and use a key that never leaves your device, thus ensuring that while they may hold your data, they lack the knowledge necessary to decrypt it. Passwords have nothing to do with it, other than that in this case the data being encrypted happens to be a set of passwords

  • They will store five passwords for free. To get 50, it's $2/mo. More than that, and you'll need an enterprise account.
  • That'll be fun when they do this again... https://www.wired.com/2016/08/... [wired.com]

    • Yup - it's possible there is one word I think of when I think of Dropbox, but that word certainly ain't security.

      Even setting that breach aside... this is the company that demanded full unfettered control of all aspects of OS X / macOS just to operate, up through 10.13 High Sierra - despite their application working just fine without having it. AND if the user didn't willingly give that level of access to them, they would use various underhanded means (such as faking system dialog boxes) to try and get it.

      I

      • The "faking system dialog boxes" is a mistaken report that simply won't go away - MacOSX itself is the issue here, as it does not have one single coherent privilege escalation dialog box and can display differently depending on the type and version of the framework the app is using. Dropbox was simply using an older framework at the time, and got a different dialog from the ones people were sort of used to from apps using more modern frameworks.

        But, the story that Dropbox faked the dialogs simply will not

        • by phayes ( 202222 )

          That doesn’t change dropbox’s retroactive restriction to the number of allowed clients on the “free” tier from unlimited to three that caused many of us to abandon them. When reinstalling the OS on a machine meant that I lost the ability to sync 1Password to it or now had to pay a fee every month, Dropbox got replaced, removed and added to my blacklist.

          • Theres a lot wrong with Dropbox, and I can help you make a list if you like - I was on the other side of most of this as a Dropbox forum superuser up until 2017, so I know all the past horrors. I dont use Dropbox now.

  • Why not use Birwarden? It's free for the most part and there's no password limits, AND it supports 2FA and Yubikey's.
    • Work had us recently switch to using Bitwarden for anything work related. Coming from 1Password for personal and work use prior to that point, Bitwarden is painful to use. The app feels like it’s everything that’s wrong with sloppy UX design. One of these days I need to make a list of everything inferior about Bitwarden, because I honestly think that our chief IT guy doesn’t realize just how much better password managers can be than it.

  • by bloodhawk ( 813939 ) on Thursday June 04, 2020 @10:07PM (#60147522)
    Just what we need, yet another password manager. Seriously there are more than enough good open source AND commercial offerings out there that this just seems pointless.
  • So, people are still using Dropbox!
  • ... I wouldn't trust them with anything >.

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry

Working...