Dropbox Pulls the Plug on Password Manager

Dropbox will shut down its password manager service by October 28, giving users until then to extract their data before permanent deletion. The discontinuation occurs in phases: Dropbox Passwords becomes view-only on August 28, the mobile app stops working September 11, and complete shutdown follows October 28. The company cited focusing on core product features as the reason for dropping the service, which launched in 2020 for paid users and expanded to all users in 2021.

It's hard

[timeOday]

Not theoretically hard, but a pita to make it all work and keep it all working. I'm in the process of slowly getting dragged away from firefox to chrome because of the google password manager. I tried for a long time to work with the Nextcloud password manager, I prefer to keep my logins managed on my own hardware, but the web browser (etc) integration was such a PITA and it never got easy. Nor do any 3rd party websites integrate with it so a login to your profile there is accepted as a login to their we

Re:It's hard -- huh

[blahbooboo2]

Your comment is confusing. Are you saying there are no other password managers than the crappy ones built into web browsers? Youre a slashdot 6 digit ID so Im kinda surprised at your comment; Bitwarden is fantastic and works on every platform.

Re:

[timeOday]

Easy website password management is important. Yes, you can keep it all in a separate place, and copy and paste it over every time you're on a different device, it's just a pain. But if Bitwarden has good browser/tablet/phone integration cross-platform, I will give them a look. I seem to recall they charged money for that stuff, but maybe I am wrong, or maybe it is a reasonable price.

Yes I have developed software for a very long time, but I've recently retired (albeit not really by choice) and I think m

Re: It's hard -- huh

[tele]

Any decent password manager comes with browser integration nowadays.

Re:

[MBGMorden]

Most of the big ones have browser plugins, web management, and mobile applications.

If you subscribe to just about any VPN service (I do ProtonVPN) most of them have a good password manager.

Re:

[timeOday]

If it's not self-hosted, like Nextcloud, if there an advantage of going with "any other company that's not google"?

And to be fair Nextcloud does have (an attempt at) browser integration. It didn't work well for me (and I know I'm not the only one, from online postings) but for all I know it works great for lots of people.

Keepass-based managers are the way to go

[Anonymous Cward]

Keepass based software, like KeepassXC or the like, is FOSS and it works completely on-device but you can sync using whichever infrastructure you like. This means anything from old-school FTP, WebDAV, SMB as a vehicle to SyncThing, Resilio Sync or even cloud options like iCloud, OneDrive etc. No accounts are needed as it uses proper software not services, and loads of manager apps exist for various platforms. Once you have got everything organised, password management is then a permanently solved issue.

Re: Keepass-based managers are the way to go

[jddj]

Mod parent up!

KeePass rocks. Zero-knowledge. Supports my YubiKey, too. And apparently passkeys (though macOS gets in the way here).

And if you keep a master KeePass file on your own infrastructure (safe from accidental sync overwrites when you "oops! I didn't mean to do that!", you'll be just fine when this week's janky "cloud" provider pulls the rug.

Re:

[Tony Isaac]

I use Keepass too, but there's one important thing it can't do: auto-fill passwords into web or mobile logins.

This is actually a security feature, because auto-fill won't work for lookalike malware sites, the password manager will only offer to autofill when the site's URL actually matches the site for which the credentials were saved.

With Keepass, you have to do the heavy lifting of validating that you're logging in to the correct site.

Re:

[Xarius]

I switched to Keepass, with KeepassXC browser extension, and use SyncThing to synchronise the database across my computers and phone. This was after Lastpass fucked up for the final time 3 years-ish ago.

Works really well, not hard to setup.

Re:

[Bradac_55]

Only a programmer could be this clueless, I believe he's really this stupid.

Bitwarden *is the* standard open source, free, feature rich password manager. The fact that you couldn't be bothered to look into it says everything.
Using any google product is not only idiotic from a privacy standpoint it's also lazy which sums up a programmer.

Re:

[darkain]

I'm running a VaultWarden cluster replicated across multiple sites, with BitWarden front-end. BitWarden themselves offers a paid hosting solution, or you can do it yourself for "free" (cost of time/hardware/resources). It integrates perfectly to every major browser, including Firefox (typing on that right now). It works beautifully on Android too to provide in-app passwords. No copy/pasting, its full on integration on all platforms. I have the browser client running on Windows, MacOS, and FreeBSD. For the r

Re:

[timeOday]

Hmmmm.... that's the kind of thing I like to hear

Re: It's hard

[BitterEpic]

I think the design of these things is intentional, and because there is a push to move beyond passwords.

I've started to just use my browser as well as bio auth of my devices. I don't mind copy pasting passwords. (I'm currently playing with Buttercup which is... okay.) All of the MFA in top of it has been my breaking point. With AWS I need to log in twice with Firefox... the whole deal.

Cloud storage kind of created the same problem... I can't find my files anymore because everyone is sucking them up into t

The news to me

[EldoranDark]

Is that Dropbox had a password manager service. Looks like everyone wants a piece of that pie these days, and the competition must be cut-throat.

Repeat after me

[TechyImmigrant]

Use a local, open source password manager. Keep the password file synced locally and remotely for backup.

Re:

[blahbooboo2]

Eh use Bitwarden. Lot less work, still open source, and you dont have to worry about syncing etc.

Re:

[sinkskinkshrieks]

Yep. Has a local sync server option.

Re:

[Meekrobe]

What issue does that address?

Re:

[TechyImmigrant]

What issue does that address?

Read TFA. That's what happens when you rely on an outside password management service.

Re:

[Meekrobe]

What are you on? I use Dropbox Passwords. When they announced this I exported my passwords and then imported them into a new manager. It took twelve seconds. Do you think people are going to lose their passwords because Dropbox Passwords is closing?

Re:

[MBGMorden]

That's not ideal unless you want to self-host a web-enabled local one. Most people need access to their password manager while on multiple computers and devices.

Re:

[TechyImmigrant]

I have my password file on a google drive. It syncs automatically to my local drive. I can access it with Keepass clients on my phone, MacBook, linux machines and windows machine.

There's a sync process that frequently transfers a copy to a backup drive locally, which isn't otherwise mounted, so malware wouldn't be able to get at it if it landed on my machines.

This has worked for many years. I had to do some hacking when google messed up the google drive client and made a bunch of files "cloud only" without

Re:

[ctilsie242]

I use two PW managers, one for the desktop passwords, and one for 2FA seeds. This way, if my desktop gets compromised, the 2FA codes are out of reach, as they are on the phone.

I have found that with a decent cloud service like GDrive, iCloud, OneDrive, or Dropbox, one can use apps that use KeePass's database format (Strongbox comes to mind), and that not just gives you the syncing that is needed, but solid security, especially if you use keyfiles which are never stored on the cloud service, but passed arou

Re:

[ewhac]

I'm self-hosting Vaultwarden [github.com] on my LAN, a Bitwarden-compatible backend written in Rust. I have it running inside a jail on TrueNAS Core (which, alas, is now end-of-life). It hosts its own Web interface, but also is compatible with Bitwarden's Android app and browser plugins.

So far, it's worked out pretty well for me.

Re:

[Tony Isaac]

This doesn't help you with mobile logins.

text file, veracrypt volume

[Big Hairy Gorilla]

you're welcome.

Don't do banking on your phone.

Re:

[Tony Isaac]

A key advantage of in-browser password managers, is that they won't offer to auto-fill your password, if you're on the wrong site. If you get phished, and the link looks similar to the real thing, the browser password manager will prevent you from supplying your credentials to the malware site. Your text file won't help you with that scenario.

Re:

[Big Hairy Gorilla]

Sure, I can cherry pick scenarios too. The top password vaults all had breaches and hacks. We store your passwords in Amazon buckets, and they store the data anywhere in the world as part of the TOS. You're basically giving all your passwords to a third party.
Reduce your dependency on a third party is my point.

Re:

[Tony Isaac]

The top password vaults all had breaches and hacks

Well...except for the Chrome, Edge, Safari, and Firefox password managers, they haven't been breached.

\o/

[easyTree]

DropBox pulls a Google

Ehhh. ..

[BitterEpic]

Time to migrate back to using dd for managing passwords.

Dropbox paid user here

[BitterEpic]

I've never found Dropbox's services all that great. It's platform agnostic... but I've never felt like the UI is built with usability in mind.

Example one: the "photos" tab on mobile will show ALL images on your account. Not just photos. I accidently deleted a bunch of important files because of this

Another example is that multiple delete synchronously calls an api for each file. That means one ggets deleted about a second. 20 seconds for twenty files

If you connect a third party photo app it can only acces