cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you interested in hearing how one of our Community members uses Dropbox for sailing trips? Read all about it here.

Dropbox ideas

Got an idea for Dropbox? We want to hear it. Our team will review the top voted ideas, so share them here!

Got an idea for Dropbox? We want to hear it. Our team will review the top voted ideas, so share them here!

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Add One Time Passwords (OTP) to Dropbox Password Manager

Add One Time Passwords (OTP) to Dropbox Password Manager

Bmk007
New member | Level 2

Hello. A neat feature websites have been adding is the ability to use a randomly generated code as a way of 2FA. For instance when I login to Amazon I have to use my email and password then the OTP from my password app, in this case 1Pass. The OTP runs on time intervals, generally changing every 30 or so seconds.

Some apps for this are Microsoft or Google authentication. It beats say OTPs such as text messages in case your number is ported out which is something on the rise recently. I try adding the most security I can and I feel these randomly generated OTPs are essential for being secure.

I look forward to if/when this is implemented, until then I will have to stick to 1Pass.

Latest Update
Walter
Dropbox Staff
This idea has been closed as it has reached the end of the Share an Idea process.
 
Thank you for your suggestion, and if you have another idea to share, please do! 
Status changed to: Closed
31 Comments
MoondearW
New member | Level 2

So, I've been looking into the Dropbox Passwords Application and I noticed a critical feature missing from it: the ability to store individual TOTP codes for various logins within the app and remove the need for a third-party authenticator.

 

For example, when storing password information on Dropbox Passwords it looks like the following:

 

  • Username
  • Password
  • Website URL 


However, other services like Bitwarden, 1Password or Keepass look more like this:

 

  • Username
  • Password
  • Website URL
  • TOTP Code
  • Custom Fields / Notes


Allowing people to store TOTP codes within Dropbox Passwords would remove the need for me having to set-up and open Google Authenticator or Authy every time I want to login to one of the services I use, because I can see the TOTP code for the individual login right from within the Dropbox Passwords app!

 

Without this feature, I certainly won't be moving to Dropbox Passwords anytime soon and the competition has you beat there!

 

Hope this is something you consider for the future.

LegendofJuli
Helpful | Level 5

I have to use 1Password until Dropbox implements OTP in apps. That's the best feature 1Password has cause it's easy to fill out any OTP field.

 

Please consider add this feature ASAP!

Arandomusername
New member | Level 2

Agreed this is the missing feature in Dropbox passwords atm. 

kevinfreels
Helpful | Level 6

Along with biometrics - Windows Hello... 

Or authenticator

Or...anything but 15 words printed on paper and stored in a "safe place". 

 

"If you rely on feedback to make all of your decisions, a leader you are not." -- Me 

snoggle
Helpful | Level 6

Dropbox Passwords for Business is ready to go for basic authentication needs as soon as they add OTP functionality. Please add it soon!

lemd
Explorer | Level 3

+1 currently have 1Password and Keeper (both of which support OTP). Would love to consolidate this over to Dropbox Password!

kevinfreels
Helpful | Level 6

I really liked this until I had a laptop I had to replace the hard drive on. I restored from a backup and tried to login to passwords and I couldn't login because apparently the saved password was wrong. I used the safe words or whatever but it kept telling me they were wrong despite making certain that it was exactly right for every word. So I was shut out.

So I loaded installed it again on another machine that had previously been connected but removed, and that machine was able to login without entering a password!

 

So I changed the password which then allowed me to login with the laptop... something I shouldn't have been able to do as I had uninstalled it from the other machine and reinstalled it a full two weeks later. then I checked the safe words list. I had it exactly right.

 

So 1) no 2fa

2) can access from a machine previously installed without entering password

and 3) safe words list failed.

This makes it both insecure and unreliable. something I can't have for a password manager. basic authenticator usage with an auto logout if not used for x minutes would fix that. 

@MoondearW I don't quite understand your post. are you referring to using OTP to access Dropbox passwords? or are you referring to Dropbox passwords having an authenticator capability to generate codes for other sites?

I think that having your password manager generate your 2fa codes defeats the purpose. The idea is that with 2fa, you're showing that your password manager hasn't been hacked by a third party and that it is indeed you logging in. of someone hacks your password manager and it generates your 2fa codes the they have that as well. 

 

 

 

 

 

 

 

 

 

 

danieliversen
Explorer | Level 4

OTP/2FA is literally one of the key security best-practices to keep important accounts safe. Most people would have set these codes up for financial, communication or key logins they use, and right now that makes Dropbox Passwords only usable in conjunction with other apps (but not in a family/sharing situation). 

 

Please, lots of people would like to try and consolidate tools (I use 1Password with my family) but we can't until you add OTP. I think the main challenge is that the "workarounds" until you get OTP in the product (i.e. to use the free Google Authenticator app etc) is (besides the convenience factor of one app) that we need to be able to share accounts (incl usernames, passwords, OTP codes) with other people (family members etc). 

 

DTromp
Explorer | Level 3

Is there any indication from the Dropbox team that they are working on this?

lemd
Explorer | Level 3

If a website supports 2FA via QR code it will show up in the app with a purple banner. Not sure how this list is generated but I would check that for any service that has 2FA. 

 

It may also be based on domain, so make sure you add the base URL as well as the login.