Desktop/mobile client syncing after password change: security flaw?


Harry K.6
New member | Level 1

Last week I changed my password through the website, at work. On my home computer I have installed the Desktop client. I have not changed a thing and it was syncing without problems.

The same happened with my Dropbox App for my Android phone.

If I ever change the password of my account I was expecting the need to update it everywhere I use it. If, by any chance, somebody uses a Desktop/Mobile client and I change my password, this person would be able to keep on using it without problems.

From my point of view, unless I'm missing something, this is a security flaw that must be corrected. 

Hope to hear from Dropbox team.

12 Replies

sooby
New member | Level 2

If I change my Google password, all devices connected to my Google account will not allow me to access my Gmail unless I enter the new password. I have two laptops (one Windows and one macOS) connected to Dropbox (using the Dropbox client). Today, I changed my password by going to the Dropbox website. But my Windows laptop (which has the old password) is syncing as usual, as if nothing happened. This has got to be a bad security flaw.

Stuart_
Explorer | Level 4

Even Microsoft has abandoned the obsolete security practice of changing passwords frequently and it's no longer part of their security baseline. It's been in the news for some time.

In this case, Dropbox handles this poorly. Everywhere else, changing a password in one place requires updating it everywhere else. It is far too easy to miss a place, and checking some random list (this is the first I've heard of it, and I've been using Dropbox for years) that isn't prominently displayed and part of the onboarding tutorial is both a UI mistake as well as a policy mistake. Companies should always act in the best security interests of customers, and allowing a token to continue operating is a direct contradiction.

Please revisit this decision.

https://www.computerworld.com/article/3391365/microsoft-tells-it-admins-to-nix-obsolete-password-res...

Thank you.

Jane
Dropbox Staff
Hey @Stuart_, thanks for sharing your thoughts with us, that’s some great feedback! Positive or negative, everything you're sending us over helps us paint a clearer picture of what could enhance the way you’re interacting with Dropbox. 
 
I’ve made a note of your observations here in my report internally for future iterations & I'm always here if you need further assistance from me in any way. Thanks for choosing Dropbox & have a lovely week ahead!

 


Jane
Community Moderator @ Dropbox
dropbox.com/support
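
The behaviour the posters expected, sketched as an added example that is not part of the thread and is not Dropbox's implementation: each device token is stamped with a credential epoch, and a password change bumps the epoch so every previously linked device has to sign in again. The `Account` class, its method names and the device names are assumptions made up for illustration.

```python
import hashlib
import hmac
import secrets


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical server-side account record with device-linked sessions."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _kdf(password, self.salt)
        self.epoch = 0       # credential epoch, bumped on every password change
        self.sessions = {}   # sha256(token) -> (device name, epoch at issue)

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()  # store only a hash

    def _check(self, password):
        if not hmac.compare_digest(_kdf(password, self.salt), self.pw_hash):
            raise PermissionError("bad password")

    def link_device(self, device, password):
        self._check(password)
        token = secrets.token_urlsafe(32)  # opaque bearer token kept by the client
        self.sessions[self._key(token)] = (device, self.epoch)
        return token

    def is_valid(self, token):
        entry = self.sessions.get(self._key(token))
        # Honour a token only if it was issued under the current password.
        return entry is not None and entry[1] == self.epoch

    def linked_devices(self):
        return sorted(d for d, e in self.sessions.values() if e == self.epoch)

    def change_password(self, old, new, keep=None):
        self._check(old)
        kept = self.sessions.get(self._key(keep)) if keep and self.is_valid(keep) else None
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _kdf(new, self.salt)
        self.epoch += 1  # every token issued before this point is now stale
        if kept:         # re-stamp only the session that made the change
            self.sessions[self._key(keep)] = (kept[0], self.epoch)
```

Passing `keep` leaves the session that performed the change signed in; omitting it signs out every device, including that one.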

 
