Dropbox Passwords Rolls Out Free Version Just as LastPass Limits Free Users (gizmodo.com)
Just as LastPass nerfs the free tier of its popular password manager, Dropbox has swooped in with a free version of its own password app -- but there's a bit of a catch. From a report: Dropbox today announced that Passwords will soon be free to all of its users, whether they're on its free basic plan or one of its premium individual or business tiers. Beginning in early April, any Dropbox user will be able to access a limited version of Passwords that will securely store up to 50 credentials. The catch here, of course, is that most people likely have more than 50 passwords to various accounts, and a password manager should ideally be used for all of them.
Up to 50 passwords (Score:5, Insightful)
Re: (Score:2)
Keeping all your passwords on a single written copy is actually a BAD idea, especially if you use the passwords a lot. Either you'll have to reference the notebook frequently, and thus it won't be physically secure, or you'll end up using weak passwords or repeating them on multiple sites. And if you lose that notebook, you're SOL.
Re: (Score:2)
Re: (Score:2)
This feels like something that will encourage bad password security as people will think they're doing the right thing by using "strong" passwords in a password manager, but they'll reuse those passwords so that they stay under the limit.
One Stop Shopping for Hackers (Score:2)
Friendly reminder (Score:2)
That Condoleezza Rice [dropbox.com] is still on their board.
Re: (Score:2)
She was a participant in another Big Lie under another former Republican president.
Corrupt people shouldn’t be rewarded with positions of power, nor should the public be patrons of companies that give out such positions.
Re: (Score:2)
Condoleezza Rice should be an inspiration to us all.
It has often been said that a woman needs to be twice as good as a man to be considered half as capable.
Yet, Ms. Rice, a black woman, has succeeded despite being wrong about every policy decision she ever made, incompetent in every leadership position she ever held, and responsible for the needless deaths and maimings of thousands of American soldiers and millions of foreign civilians.
She is a shining example of how America has overcome the prejudices of th
Most people have more than 50 passwords? (Score:2)
Re: (Score:2)
Variations are also different passwords.
The real situation is that people have scores of different sites that require user/pass plus maybe other "secrets" and over time, even if they try to use the same small number of passwords due to the various arbitrary site requirements for user names and passwords, which gradually change, they will end up with many variations and will not remember what are the exact credentials needed for most of the sites they access infrequently.
Re: Most people have more than 50 passwords? (Score:2)
It's not a 50 password limit, it's a 50 site/login limit.
Re: (Score:3)
Most people stick with the same 2-3 passwords... more than 10-12 I'd be amazed.
Apparently, you do not know anyone that uses a password manager in the way it is intended. The goal is not to save the effort of typing a few characters one already knows. Instead, it is to get out of the business of remembering passwords in the first place.
Once you embrace not knowing passwords, it is no big deal to have unique 64 character passwords per site. Heck, the inbuilt generators also mean that you don't even need to come up with them.
Use KeepassX And Dropbox (Score:2)
I keep my KeepassX file in Dropbox and can manage as many passwords as I like, for free.
Re: (Score:1)
Re: (Score:2)
I also use KeePass with a .key file that has never been on the Internet.
Re: (Score:3)
Keepass is available on just about every platform... and it's free!
Re: (Score:2)
I do exactly the same thing. And if Dropbox ever becomes unusable to me someday, I can always switch the "file hosting" part to some other service.
Password management is the one software category where "open source, all platforms, no corporate-lock-in" becomes a REQUIREMENT, not just a nice to have.
Re: (Score:2)
KeepassXC is quite solid. I'd be just fine using NextCloud or some other way to share its database, but it has an optional private key you can keep off of services like Dropbox, just to be sure.
Re: (Score:2)
KeepassXC is quite solid. I'd be just fine using NextCloud or some other way to share its database, but it has an optional private key you can keep off of services like Dropbox, just to be sure.
I also use KeepassXC. Even though I know the database is encrypted, for off-site backup I encrypt it using GPG with my private key, just as I do with all of my off-site backups.
Re: (Score:3)
I use the KeeWeb website [keeweb.info]. You can link it to multiple back ends using OAuth, or use the local filesystem. The code is all client-side, and available on GitHub [github.com].
No thanks (Score:5, Informative)
Re: No thanks (Score:2)
Yeah I just switched to Bitwarden. I like that it's open-source and I can host it myself if I want to. The in-browser ui isn't as smooth as LastPass, but I'm sure it'll improve slowly especially since it's getting more attention now.
Re: (Score:2, Offtopic)
It does seem unwise to tie yourself in to a commercial service when there are plenty of good free options.
I use Keepass.
Re: (Score:2)
Same. Moved from 1Password and very happy with it.
Glad I have my own. (Score:2)
it's quite primitive, but I have my homemade password manager, which is naturally free of those free-for-a-while-then-premium bait-and-switch shenanigans we see again and again. Basically take something like a website name (e.g. amazon), take a secret passphrase (e.g. BrownFluffyBatmobile), mangle them together somehow ('(amazon::BrownFluffyBatmobile)'), shove that through sha256, convert to base64, take the first 16 characters and use the result as your password. Then keep a note of the non-secret part of
Re: (Score:2)
it's quite primitive, but I have my homemade password manager, which is naturally free of those free-for-a-while-then-premium bait-and-switch shenanigans we see again and again. Basically take something like a website name (e.g. amazon), take a secret passphrase (e.g. BrownFluffyBatmobile), mangle them together somehow ('(amazon::BrownFluffyBatmobile)'), shove that through sha256, convert to base64, take the first 16 characters and use the result as your password. Then keep a note of the non-secret part of each (e.g. amazon in this example), and a short hint as to the passphrase (e.g. put the empty string through and note the first three characters of the output). That sort of thing. I first whipped it up as a bash one-liner, then automated the process.
I recommend you use 22 rather than 16 characters for your password. That will give you 128 bits of entropy, which should be enough for all but state actors. If you are really paranoid, use all 42 characters, which gets you almost 256 bits of entropy, which is considered unbreakable.
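Added example, not code from either poster: the derivation described above written out in Python, next to a stretched variant and a bound on how many bits a truncated output can carry. The function names, the PBKDF2 variant with its iteration count, and the passphrase-entropy estimate are assumptions made for illustration.

```python
import base64
import hashlib
import math

def derive_simple(site: str, passphrase: str, length: int = 16) -> str:
    """Scheme as described in the post: one SHA-256 pass, base64, truncate."""
    material = f"({site}::{passphrase})".encode("utf-8")
    digest = hashlib.sha256(material).digest()            # 32 bytes
    # base64 of 32 bytes is 44 characters, the last one being '=' padding.
    return base64.b64encode(digest).decode("ascii")[:length]

def derive_stretched(site: str, passphrase: str, length: int = 22,
                     iterations: int = 600_000) -> str:
    """Assumed hardening (not from the thread): PBKDF2-HMAC-SHA256 with the
    site name as salt, so each passphrase guess costs `iterations` hashes."""
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              site.encode("utf-8"), iterations)
    return base64.b64encode(key).decode("ascii")[:length]

def max_bits(length: int, passphrase_bits: float) -> float:
    """Upper bound on strength of a truncated output: 6 bits per base64
    character, capped by the 256-bit digest and by the passphrase itself,
    because the site name is not secret."""
    return min(6 * length, 256, passphrase_bits)

if __name__ == "__main__":
    site, phrase = "amazon", "BrownFluffyBatmobile"       # values from the post
    print("simple   :", derive_simple(site, phrase))
    print("stretched:", derive_stretched(site, phrase))
    # Constructed estimate: three words drawn at random from a 7776-word list.
    phrase_bits = 3 * math.log2(7776)
    for n in (16, 22, 42):
        print(n, "chars ->", round(max_bits(n, phrase_bits), 1), "bits at most")
```

Because every derived password comes from the same passphrase, a leaked output lets that passphrase be guessed offline; the stretched variant raises the cost of each guess but does not add entropy the passphrase lacks.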
Re: (Score:1)
Something a lot like http://hashapass.com/en/index.html
Bitwarden (Score:1)
I pity the fool who trusts their passwords to DB (Score:1)
not free for me (Score:2)
I have more than 50 passwords. So do I want to be limited to 50 passwords or limited to device type or neither? I choose...