cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Whether you are transferring a single drive, a team or an entire organization, Movebot's cloud migration tool has been built to make your Dropbox migration simple - learn all about it here.

Dropbox installs & integrations

Connect your tools and content together with help from the Dropbox Community. Join a discussion or post a question of your own to get started.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

No session termination on password change?

No session termination on password change?

saifudeen
New member | Level 2

Steps to create the scenario.

 

1. Login to Desktop version using existing credentials.
2. Do password reset on your mobile app account and login to mobile version with new credentials.
3. Upload some files / photos to Dropbox Mob App.
4. It will still sync the photos to the desktop version which I have not updated the latest password.

 

Though there is an option to unlink the devices manually, shouldn't it terminate all other existing sessions with a password reset for security reasons?

5 Replies 5

Re: No session termination on password change?

Rich
Super User II

saifudeen wrote:

Though there is an option to unlink the devices manually, shouldn't it terminate all other existing sessions with a password reset for security reasons?


No, it shouldn't. Your password is only used to link the computer to your account. After that link is established, a secure token is used for authentication. Changing your password has no affect on the token, by design. To stop a device from syncing with your account, you need to unlink it.

Re: No session termination on password change?

saifudeen
New member | Level 2
That's not a solution. I am changing my dropbox account password - which meant to terminate the other sessions automatically, so the devices which has my old passwords will not sync.

Currently I need to manually revoke the access of all the devices linked. If this is your design, its a flaw.

Re: No session termination on password change?

Rich
Super User II

saifudeen wrote:
That's not a solution.

Unlinking the devices is the solution.

 


I am changing my dropbox account password - which meant to terminate the other sessions automatically, so the devices which has my old passwords will not sync.

But that's not what changing your password is meant to do. That's what you want it to do, but that's not what it does or what it's meant to do. Your password is only used to link new devices and to log in to the website. Your password has nothing to do with the syncing operation of connected devices. It's not even used for syncing.

 


Currently I need to manually revoke the access of all the devices linked. If this is your design, its a flaw.

This is how it's meant to operate. As such, it's not a flaw. And it's not my design; it's Dropbox's.

Re: No session termination on password change?

saifudeen
New member | Level 2

Hey Bro,

 

I mistook you're dropboxer - apologies!

 

I reached out their support service directly and it's under tech team review. Shall update here as well when I hear from them.

 

Good day.

Saif

Re: No session termination on password change?

Ed
Dropboxer
[This thread is now closed. If you have a similar or new question, you can ask here: https://www.dropboxforum.com/t5/forums/postpage/category-id/101001000]



Ed G
Community Manager @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please mark it for some Kudos below. 
:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
:arrows_counterclockwise: Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Who's talking

Top contributors to this post

  • User avatar
    Ed Dropboxer
  • User avatar
    saifudeen New member | Level 2
  • User avatar
    Rich Super User II
What do Dropbox user levels mean?
Need more support?