cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Whether you are transferring a single drive, a team or an entire organization, Movebot's cloud migration tool has been built to make your Dropbox migration simple - learn all about it here.

Dropbox installs & integrations

Connect your tools and content together with help from the Dropbox Community. Join a discussion or post a question of your own to get started.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Why does Dropbox ask for your computer password

Why does Dropbox ask for your computer password

Florian A.1
New member | Level 1

Hi, I just came across this blog post detailing some, shall we say, unorthodox ways Dropbox is circumventing OS X security features and tricking users into sharing their admin password:

http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/

I found the same happened on my system (OS X 10.11.6), Dropbox v9.v.49). Can you explain why you do this?

35 Replies 35

Re: "Dropbox’s dirty little security hack"

Leon N.
Helpful | Level 5

Tricking users into giving up their admin password is unethical hacking. Dropbox needs to respond and remove this hack.

Re: "Dropbox’s dirty little security hack"

Brandon A.2
New member | Level 1

+1

Re: "Dropbox’s dirty little security hack"

Kim V.4
New member | Level 1

You better have a really good [removed by moderator] explanation for doing this, Dropbox.. I don't pay you to steal my login password.

Re: "Dropbox’s dirty little security hack"

Rich
Super User II

Kim,

Please watch your language on these public forums or your posts could be removed or your account suspended. Your post has been edited. Thank you.

Re: "Dropbox’s dirty little security hack"

Rich
Super User II

Re: "Dropbox’s dirty little security hack"

John B.194
New member | Level 1

A person claiming to be a dropbox employee responded to this on the original post downplaying the thing. I think an official statement would be nice.

https://news.ycombinator.com/item?id=12463338

Re: "Dropbox’s dirty little security hack"

Leon N.
Helpful | Level 5

I don't believe the "employee" who responded. One of the things he said was accessibility is required for badges. I removed Dropbox's accessibility access, but the badges show up just fine. I've not noticed any functionality missing. 

Re: "Dropbox’s dirty little security hack"

Rich
Super User II

I removed Dropbox's accessibility access, but the badges show up just fine. I've not noticed any functionality missing. 

The badge appeared, but did you test its full functionality? If not, then it wasn't a valid test of the accessibility requirements.

I'm not arguing for or against either side. I'm only stating that simply seeing the badge show up is not a valid indicator that it's working properly.

Re: "Dropbox’s dirty little security hack"

Leon N.
Helpful | Level 5

Good point.  One feature is not a complete test. However, I continue to use Dropbox for syncing, app access (i.e. native API access from the app) and finder/pathfinder integration all seem to work fine. Anything else I should test?

BTW, it was stated by the person claiming to be a Dropbox employee that accessibility was needed for badges. It seems reasonable to expect Dropbox to explain what access is truly required, why and how this unusual authentication process works. 

Who's talking

Top contributors to this post

  • User avatar
    Tim H.38 New member | Level 2
  • User avatar
    Leon N. Helpful | Level 5
  • User avatar
    Robert T.19 New member | Level 1
  • User avatar
    Marcin D. New member | Level 1
  • User avatar
    Kim V.4 New member | Level 1
What do Dropbox user levels mean?
Need more support?