Harry K.6
New member | Level 1
10 years ago
Solved

Desktop/mobile client syncing after password change: security flaw?

Last week I changed my password through the website, at work. On my home computer I have installed the Desktop client. I have not changed a thing and it was syncing without problems.

The same happened with my Dropbox App for my Android phone.

If I ever change the password of my account I was expecting the need to update it everywhere I use it. If, by any chance, somebody uses a Desktop/Mobile client and I change my password, this person would be able to keep on using it without problems.

From my point of view, unless I'm missing something, this is a security flaw that must be corrected. 

Hope to hear from Dropbox team.

  • techs2017 if somebody has your password then installing Dropbox is the least of your worries.

    Super Users are not employees but the answer is the official one - this isn't a security flaw. It's by design.

    When somebody adds Dropbox to their computer you receive an email telling you this has happened, unless you've disabled those security emails in the Account section.

    Also, if they did do that then you can unlink the account via the same Account page. For Plus and Business users you can also request that a remote delete is done while unlinking clients.

12 Replies

  • Stuart_
    Explorer | Level 4
    7 years ago

    Even Microsoft has abandoned the obsolete security practice of changing passwords frequently and it's no longer part of their security baseline. It's been in the news for some time.

    In this case, Dropbox handles this poorly. Everywhere else, changing a password in one place requires updating it everywhere else. It is far too easy to miss a place, and checking some random list (this is the first I've heard of it, and I've been using Dropbox for years) that isn't prominently displayed and part of the onboarding tutorial is both a UI mistake as well as a policy mistake. Companies should always act in the best security interests of customers, and allowing a token to continue operating is a direct contradiction.

    Please revisit this decision.

    https://www.computerworld.com/article/3391365/microsoft-tells-it-admins-to-nix-obsolete-password-reset-practice.html

    Thank you.

  • Jane
    Dropbox Staff
    7 years ago
    Hey Stuart_, thanks for sharing your thoughts with us, that’s some great feedback! Positive or negative, everything you're sending us over helps us paint a clearer picture of what could enhance the way you’re interacting with Dropbox. 
     
    I’ve made a note of your observations here in my report internally for future iterations & I'm always here if you need further assistance from me in any way. Thanks for choosing Dropbox & have a lovely week ahead!
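
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Dropbox's code: a hypothetical `Account` model in which each linked device holds its own token, so a password change leaves devices linked unless they are unlinked or revoked explicitly. All names, the sample values and the `revoke_devices` option are assumptions for illustration.

```python
import hashlib, hmac, os, secrets

class Account:
    """Hypothetical model (not Dropbox's implementation): one password, per-device tokens."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._pw_hash = self._hash(password)
        self._devices = {}  # device name -> SHA-256 digest of its token

    def _hash(self, password: str) -> bytes:
        return hashlib.scrypt(password.encode(), salt=self._salt, n=2**14, r=8, p=1)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self._pw_hash, self._hash(password))

    def link_device(self, name: str, password: str) -> str:
        # The password is checked once, at link time; afterwards only the token is used.
        if not self.check_password(password):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        self._devices[name] = hashlib.sha256(token.encode()).digest()
        return token

    def sync_allowed(self, name: str, token: str) -> bool:
        stored = self._devices.get(name)
        presented = hashlib.sha256(token.encode()).digest()
        return stored is not None and hmac.compare_digest(stored, presented)

    def unlink(self, name: str) -> None:
        self._devices.pop(name, None)  # revokes that one device's token

    def change_password(self, old: str, new: str, revoke_devices: bool = False) -> None:
        if not self.check_password(old):
            raise PermissionError("bad password")
        self._salt = os.urandom(16)
        self._pw_hash = self._hash(new)
        if revoke_devices:  # assumed opt-in: force every device to re-link
            self._devices.clear()

def demo() -> tuple:
    acct = Account("old-pass")  # constructed sample values throughout
    home = acct.link_device("home-pc", "old-pass")
    phone = acct.link_device("android", "old-pass")
    acct.change_password("old-pass", "new-pass")
    after_change = acct.sync_allowed("home-pc", home)   # token survives the change
    acct.unlink("home-pc")
    after_unlink = acct.sync_allowed("home-pc", home)   # unlinking revokes it
    acct.change_password("new-pass", "newer-pass", revoke_devices=True)
    return after_change, after_unlink, acct.sync_allowed("android", phone)
```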
