Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
IT

Dropbox Passwords Rolls Out Free Version Just as LastPass Limits Free Users (gizmodo.com) 39

Just as LastPass nerfs the free tier of its popular password manager, Dropbox has swooped in with a free version of its own password app -- but there's a bit of a catch. From a report: Dropbox today announced that Passwords will soon be free to all of its users, whether they're on its free basic plan or one of its premium individual or business tiers. Beginning in early April, any Dropbox user will be able to access a limited version of Passwords that will securely store up to 50 credentials. The catch here, of course, is that most people likely have more than 50 passwords to various accounts, and a password manager should ideally be used for all of them.
This discussion has been archived. No new comments can be posted.

Dropbox Passwords Rolls Out Free Version Just as LastPass Limits Free Users

Comments Filter:
  • Up to 50 passwords (Score:5, Insightful)

    by fph il quozientatore ( 971015 ) on Tuesday March 16, 2021 @01:52PM (#61165514)
    This seems more like a demo than a full free version.
    • by slazzy ( 864185 )
      Yeah I have to create 50 usernames/passwords on a bad day... Also I still remember when Dropbox left everyone's files open to the wild so I wouldn't trust them with passwords. Create for sharing videos with friends and such.
    • This feels like something that will encourage bad password security as people will think they're doing the right thing by using "strong" passwords in a password manager, but they'll reuse those passwords so that they stay under the limit.

  • These services will be a Solar Winds drop box for hackers. Single point of failure.
  • That Condoleezza Rice [dropbox.com] is still on their board.

  • Lol no. Most people stick with the same 2-3 passwords and just use a variation of them. If a normal user had more than 10-12 I'd be amazed. My parents should as hell do not. Nor do I even across all platforms. Difference is mine are actually secure enough to pass muster on 99% of sites
    • Variations are also different passwords.

      The real situation is that people have scores of different sites that require user/pass plus maybe other "secrets" and over time, even if they try to use the same small number of passwords due to the various arbitrary site requirements for user names and passwords, which gradually change, they will end up with many variations and will not remember what are the exact credentials needed for most of the sites they access infrequently.

    • Itâ(TM)s not a 50 password limit, itâ(TM)s a 50 site/login limit.

    • Most people stick with the same 2-3 passwords... more than 10-12 I'd be amazed.

      Apparently, you do not know anyone that uses a password manager in the way it is intended. The goal is not to save the effort of typing a few characters one already knows. Instead, it is to get out of the business of remembering passwords in the first place.

      Once you embrace not knowing passwords, it is no big deal to have unique 64 character passwords per site. Heck, the inbuilt generators also mean that you don't even need to come up with them.

  • I keep my KeepassX file in Dropbox and can manage as many passwords as I like, for free.

    • So do I. With KeePass and dropbox I can access my passwords from mobiles, tablets, and PCs anywhere I have internet. With mobile and hot spot, that is pretty much anywhere I go. Fortunately, I am grandfathered in to dropbox"s device limitation.
    • by mspohr ( 589790 )

      Keepass is available on just about every platform... and it's free!

    • by Octorian ( 14086 )

      I do exactly the same thing. And if Dropbox ever becomes unusable to me someday, I can always switch the "file hosting" part to some other service.
      Password management is the one software category where "open source, all platforms, no corporate-lock-in" becomes a REQUIREMENT, not just a nice to have.

    • KeepassXC is quite solid. I'd be just fine using NextCloud or some other way to share its database, but it has a optional private key you can keep off of services like Dropbox, just to be sure.

      • KeepassXC is quite solid. I'd be just fine using NextCloud or some other way to share its database, but it has a optional private key you can keep off of services like Dropbox, just to be sure.

        I also use KeepassXC. Even though I know the database is encrypted, for off-site backup I encrypt it using GPG with my private key, just as I do with all of my off-site backups.

    • I use the KeeWeb website [keeweb.info]. You can link it to multiple back ends using OAuth, or use the local filesystem. The code is all client-side, and available on GitHub [github.com].

  • No thanks (Score:5, Informative)

    by SirSpanksALot ( 7630868 ) on Tuesday March 16, 2021 @02:09PM (#61165582)
    No thanks... Bitwarden for me
    • Yeah I just switched to Bitwarden. I like that itâ(TM)s open-source and I can host it myself if I want to. The in-browser ui isnâ(TM)t as smooth as LastPass, but Iâ(TM)m sure itâ(TM)ll improve slowly especially since itâ(TM)s getting more attention now.

    • Re: (Score:2, Offtopic)

      by AmiMoJo ( 196126 )

      It does seem unwise to tie yourself in to a commercial service when there are plenty of good free options.

      I use Keepass.

    • by GrahamJ ( 241784 )

      Same. Moved from 1Password and very happy with it.

  • it's quite primitive, but I have my homemade password manager, which is naturally free of those free-for-a-while-then-premium bait-and-switch shenanigans we see again and again. Basically take something like a website name (e.g. amazon), take a secret passphrase (e.g. BrownFluffyBatmobile), mangle them together somehow ('(amazon::BrownFluffyBatmobile)'), shove that through sha256, convert to base64, take the first 16 characters and use the result as your password. Then keep a note of the non-secret part of

    • it's quite primitive, but I have my homemade password manager, which is naturally free of those free-for-a-while-then-premium bait-and-switch shenanigans we see again and again. Basically take something like a website name (e.g. amazon), take a secret passphrase (e.g. BrownFluffyBatmobile), mangle them together somehow ('(amazon::BrownFluffyBatmobile)'), shove that through sha256, convert to base64, take the first 16 characters and use the result as your password. Then keep a note of the non-secret part of each (e.g amazon in this example), and a short hint as to the passphrase (e.g. put the empty string through and note the first three characters of the output). That sort of thing. I first whipped it up as a bash one-liner, then automated the process.

      I recommend you use 22 rather than 16 characters for your password. That will give you 128 bits of entropy, which should be enough for all but state actors. If you are really paranoid, use all 42 characters, which gets you almost 256 bits of entropy, which is considered unbreakable.

    • by Gyles ( 87774 )

      Something a lot like http://hashapass.com/en/index.html

  • Get onto it kids Open Source, free and of-course a paid version that cheaper then a $2 hooker.... https://bitwarden.com/ [bitwarden.com]
  • After their data breech years ago I still get tons of those scam emails with my dropbox password asking me to send bitcoin cause they have video of my "porn activities" After that breech I moved everything of mine out of Dropbox into my own Nextcloud instance that I have full control over.
  • I have more than 50 passwords. so do I want to be limited to 50 passwords or limited to device type or neither? I choose...

To communicate is the beginning of understanding. -- AT&T

Working...