Dropbox Passwords discontinuation
help.dropbox.com

80 points

h1fra

3 days ago

82 comments

tiffanyh 3 days ago

Not knowing that Dropbox offered a password manager … I misinterpreted the headline to mean I could no longer log into my Dropbox account with a password anymore (and thought they were forcing passkeys).

  • alisonatwork 3 days ago

    This recently happened to me on Booking.com and... I ended up not using Booking.com to book a hotel. So long, genius status, or whatever.

    It absolutely drives me nuts that the western world is moving to "as seen in China" login-via-callback flow. Aside from the privacy issue of forcing people to attach an email or phone number or third-party auth provider to their every account, it's just a waste of time and energy to delete our passwords and force us through this weird multi-app flow just to log in to a service we spent years logging into without ever getting hacked. Imagine if every time you wanted to get into your house you had to press the doorbell and then wait for someone to call you back to decide whether you should be allowed in. It's absurd.

    • rafram 3 days ago

      > "as seen in China" login-via-callback flow

      What, exactly, does this mean?

      But passkeys are the new hotness, not SSO, and what you’re describing is SSO. Passkeys aren’t tied to an outside account, just a password manager (which can be your browser - no account required).

      • fooofw 2 days ago
        2 more

        Your parent comment may refer to requesting and waiting for a login link in, say, an email to authenticate - not SSO.

        • rafram 2 days ago

          Oh, that makes sense.

      • alisonatwork 3 days ago
        4 more

        When I lived in China a common way of "logging in" was to enter an OTP sent to your phone via SMS. By the time I left a few years back it seemed increasingly that signup and login flows were on the way out in favor of simply using your phone number anywhere and everywhere as a personal identifier and OTP or in-app notifications for authentication.

        • hofrogs 3 days ago

          Added benefit of inheriting someone's account if they miss the phone number rent and you get the recycled number.

        • rafram 2 days ago

          Thanks, I misread your first comment. That makes sense. Yeah, not a great system, especially because it turns phone numbers into semi-sensitive personal information that you also give out to every single person you ever meet.

    • ijustlovemath 3 days ago

      This is especially true if you simply increase the minimum password length to a certain amount. The major browsers include password managers for specifically this purpose which can generate passwords; why don't we move towards educating users how to use these tools instead of centralizing all the failure points of the web?

      And yes, I understand the major conflict of interest in saving important passwords to Google, which I personally don't do and wouldn't recommend, but I think if they're interested in staying out of the Googleverse, we can also tell people about the good paid alternatives out there.

      • somenameforme 3 days ago

        Paid vs Google seems a bit of a false dichotomy. Bitwarden and countless other such programs are completely free for normal usage. The freemium stuff comes in for business and uses far beyond just a password manager.

      • userbinator 3 days ago

        why don't we move towards educating users how to use these tools instead of centralizing all the failure points of the web

        Because there are vested interests in doing the latter. That said, I don't trust password managers either.

    • hug 3 days ago

      > Imagine if every time you wanted to get into your house you had to press the doorbell and then wait for someone to call you back to decide whether you should be allowed in.

      This is exactly what I do to visitors to my house.

    • sofixa 2 days ago

      What? You can auth to booking.com with a password just fine (I just did it this morning).

      Many sites have "magic links" (they sent you a link to login via email instead of having to write a in password), but there's almost always a way to say you want to log in with your password. Sometimes, especially for touchier things, there's MFA.

      > Aside from the privacy issue of forcing people to attach an email or phone number or third-party auth provider to their every account

      How do you login without an email, phone number or delegating to a third party? You perform a secret magic dance? Especially for something such as booking.com which more likely than not has your bank details saved, and can wreak havoc (cancel your bookings), I'm really not sure what you want them to do.

      • alisonatwork 2 days ago
        2 more

        I was surprised when it happened to me too, but it seems to be an anti-feature that has been rolling out for some time now[0]. The ability to use a password has vanished completely.

        The thing that makes it particularly egregious is that Booking.com is literally designed to be used on the road, from any location anywhere, on any weird device you might have access to at the time. There's no guarantee that whatever janky airport wifi allows IMAP, or that your phone can receive SMS in whatever country you're in. Forcing 2FA - or now apparently just the "1FA" of magic link/OTP - has made the service useless for its primary purpose.

        [0] https://old.reddit.com/r/Bookingcom/comments/1hl055b/cannot_...

        • justsomehnguy 2 days ago

          > whatever janky airport wifi allows IMAP

          Bold of you to even assume the current generation of a 'decision makers' do know what IMAP is.

    • bapak 3 days ago

      All bets are on Passkeys, but I'm sure a lot of people can't deal with them due to lack of sync across devices.

      Passkeys are a great Trojan horse for password managers vs oauth, magic links, "password123" strings

  • greyface- 3 days ago

    For me, the headline evoked memories of this 2011 Dropbox security incident. https://news.ycombinator.com/item?id=2678576

    • sodality2 3 days ago

      Hilarious that the bitrotted dropbox blogpost linked in the techcrunch article discussing this vulnerability (quoted as saying things like “this never should have happened”) instead redirects to some dropbox blog home page, with “What happens when AI joins your team?” prominently featured. Initially I thought their postmortem was blaming AI very openly 14 years ago :D

  • windexh8er 3 days ago

    I was wondering, genuinely: is Dropbox still something the masses use? I found the product to be subpar many years ago and stopped using it and only seemed to read about it continuing to degrade.

    • omnimus 3 days ago

      At least in some circles yes. It is very much only sync service creative professionals use.

      Mainly due to conflict resolution, corruption and version history. It still has best implemented “online only files”.

      Think 10 person design studio all working in one big studio “Work” folder.

      So while the clients got bloated Dropbox still has edge in essentials. People trust it unlike other services some of which are straight up infamous for loosing your files like iCloud or corrupting them like adobe creative cloud.

      • Ferret7446 19 hours ago
        2 more

        I don't suppose you know if any creatives use SyncThing? Curious to know how it compares

        • omnimus 6 hours ago

          I think that SyncThing does not solve other reasons (besides sync) why companies use Dropbox and thats backup and public download links. You can set up SyncThing with one always on instance on your NAS (we used to have that at work) but by that point it is quite technically challenging. And you still need to have some way to deliver downloads. For people like photographers something like Dropbox is probably harder requirement than Adobe.

      • danieldk 3 days ago

        And block-level sync. Many sync services only do file-level sync.

    • tim333 2 days ago

      I, speaking as part of the masses, still use it. Works fine for my purposes. I'm not sure what's supposed to be wrong with it?

    • chromehearts 3 days ago

      I always wondered this too .. I have a feeling their only users are those who just never migrated & users who used 10minmail (who upload "illegal" files (unreleased songs etc.))

      • omnimus 3 days ago

        Where and why would you migrate?

stmw 3 days ago

Strategically this doesn't make a lot of sense to me (password management is a natural adjacent product to their core offering), but I am sure they had lots of data that showed it wasn't succeeding. Having been involved in password managemetn before, what I have learned is that it is surprisingly difficult to continue to maintain as both browsers and websites change, the mobile situation is very difficult and it's just one of those software projects that seems simple.. but isn't. So if there is not a big attach rate, it makes sense for Dropbox to drop it.

  • danieldk 3 days ago

    Even as a Dropbox user, I only half-knew that they had a password manager. I try to avoid their website because it tries to push me into a different plan every single time with popups, banners, etc. (despite being on a $20 per month family account).

    On the Mac, I avoid their own client and use Maestral for pretty much the same reasons. Unlike their old client, their Mac client annoys you with all kinds of (to me) irrelevant stuff. Only on Linux I use their client, because it's still the old client and does not bother me.

    I guess a lot of people that are still using and paying for Dropbox, do it because of their really excellent file sync and try to tune out of anything else because they tried to push too much crap over the years (remember when they tried to push everyone to use their mail client?).

    I would rather have them bring things like end-to-end encryption to all account types. Improve the functionality of the core product we are paying them for.

  • dehrmann 3 days ago

    I assume consumers have moved to Google for files and still reuse passwords or use their browser's password manager. Companies have moved passwords to something like Okta, and probably Microsoft, Google, or possibly Box for files.

  • AznHisoka 2 days ago

    What is the biggest thing to maintain? Isn’t it just storing passwords?

    • thimabi 2 days ago

      Integration with browsers and websites, because these password managers are based on autofill rather than copying and pasting passwords.

    • stmw 2 days ago

      Integration and endless QA with the websites for form-filling, and various tricky user flows with sync across desktop and mobile.

qnleigh 3 days ago

3 months doesn't seem like enough advanced warning before deleting essential data like this. What if someone is hiking the Pacific Coast Trail right now? Or is the recovering from a serious medical event? Or just doesn't use the app and the email they signed up with that often?

Is it really that expensive for them to maintain minimal access for a year? This is not a rhetorical question.

ildon 3 days ago

This is very sad news. I've been using their password manager since it came out and, although not perfect, was working very well for me.

As a long standing (paying) user of Dropbox (I believe I've been using it since the very beginning), and former stock holder, I believe Dropbox must adjust its course asap. They lack a clear vision for the future and their current offering is way too limited (and shrinking apparently). For the money they ask there's no point in actually paying for their product, unless one is already locked in. For the same price, or even less, one can get an entire Office suite (Google/MS), plus cloud storage. Sure, Google Drive or OneDrive are nowhere close to Dropbox in terms of sync quality, but how many users (business and consumers) are willing to pay such a premium for quality file sync on top of other subscriptions?

Additionally, for many Dropbox is a no go for the simple fact that they don't have a reliable way to edit documents simultaneously. Recently I was looking for a cloud storage solution for a business that needed collaborative editing of documents. I had to go with Office365, as much as I would have preferred not to, because the way they allow multiple concurrent edits to documents is simply not matched by Dropbox (Google Drive is even better but it lacked some features that were essential for the business).

Unfortunately it looks like the stock market is well aware of this. The capitalization of Dropbox has been essentially stagnating for ~5 years, if adjusted for inflation.

I really hope that Dropbox can change its course by doing some brave acquisitions and rebuild its brand image with a more compelling and comprehensive offering.

  • sofixa 2 days ago

    They're a perfect example of why the old adage of "do one thing and do it well" often doesn't scale as a business.

    If platforms can provide a competing service, bundled within their package, many will pick it, even if it is worse quality. Dropbox had to expand (like Proton are - they started with email, then added calendar, Drive for file storage, Docs for collaborative editing, Pass for password manager, etc. Even if I would prefer they spend more time to fix gaps in their Android email app, I completely understand why they have to expand their stack).

    • chii 2 days ago

      > bundled within their package

      some might even call this anti-competitive practice!

  • kookamamie 3 days ago

    > sync quality

    Is this really a differentiator nowadays?

    • antonyh 2 days ago

      Both Google Drive and Microsoft OneDrive have had mass file loss events. Local LAN sync is hugely useful too. Upload speed matters, as does conflict resolution. These are features worth paying for.

    • SebastianKra 3 days ago

      iCloud lost all my data twice. Before that, it was always stuck syncing some unknown files. I also ran into problems where conflict resolution in Apples own office apps wouldn't work and I'd just lose one of the version. So yes.

treetalker 3 days ago

I kinda wish Dropbox would stick to dropboxing.

Always with the product-line creep. No doubt the next offerings will be Dropbox Email and "Dropbox the LLM" (better than Spaceballs the Flamethrower, I suppose).

  • rjh29 3 days ago

    I agree but what are they supposed to do? Cloud sharing is commoditized now and it's easy to move providers. Their only choice was to try to move up the stack, but there is no clear direction. It's video editing, e-signatures/encryption, passwords, AI, document editing... so far I haven't found any of those offerings useful. Their Linux support is however much appreciated.

    • Groxx 3 days ago

      Reduce price. Reduce the abominable resource usage. Allow E2E encryption. Increase performance so it doesn't trickle at tens of kilobytes for hours when I have 100Mbps upload and half a terabyte left.

      Like. Build a decent product. The lack of any major competition doesn't mean they should stop improving and branch out into costly absurdity, at least try to keep up with Maestral with 100x the headcount.

      • twright0 3 days ago
        3 more

        > Reduce price. Reduce the abominable resource usage. Allow E2E encryption. Increase performance so it doesn't trickle at tens of kilobytes for hours when I have 100Mbps upload and half a terabyte left.

        How do you imagine that any of these things would strengthen Dropbox's business at a scale relevant to them?

        Reducing price would be straightforwardly bad; most users do not understand resource usage complaints (though I'm not conceding that problem exists - it's a non-factor on my machine); E2E encryption is an anti-feature for a consumer audience who will lock themselves out and demand refunds far above the rate at which anyone will pay for E2E specifically; most users do not have half a terabyte all at once to store nor upload speeds such that the Dropbox app performance is the limiting factor, even if those performance problems are true.

        > The lack of any major competition

        Dropbox's core product faces substantial competition from multiple tech giants (Google Drive, One Drive, iCloud) who have incentive and ability to eat losses on a sync product to sell other services or devices. If they don't find other lines of business to sell alongside sync they will die, and building an incrementally better sync product will not save them.

        (I worked at Dropbox a ~decade ago and no longer have any insider insight nor financial stake in the company, but I sympathize that they're in a brutally difficult position in building a sustainable business)

        • Barrin92 2 days ago

          The problem was them going public. Honestly looking at the fact that it's a 20 year old company that's really good at one thing, take it private if you can, slim the company down and offer more competitive prices. The other user is right on that. Accept that you're Jetbrains instead of fancy big tech giant.

          If they offered a competitive 100 Gig tier or a cheaper 1 TB tier I'd instantly switch my entire family back from Google Drive because at a technical level Dropbox is just simply better. Insync + GDrive is much worse than the block based sync. If they just focused on this they have a good business. The headcount expansion and desperate horizontal creep into other services just makes miserable products.

        • Groxx 2 days ago

          Every Dropbox user I've talked with has complained at length about the random upload slowdowns.

          Every Dropbox user I've talked with has complained at length about the software.

          Every Dropbox user I've talked with has complained at length about the cost, and is looking for alternatives, but the marginally-better software keeps them there for now (gdrive and onedrive have a fair number more issues).

          Yes, I think it matters. But they exploded their headcount and now they have to compete in areas they aren't anywhere near as good in (document management, etc) to make the higher profit they need to keep going, and raise the cost for everyone who doesn't use it.

          Basically they went B2B and have been coasting in a gradual decline on their consumer side. A tale as old as time.

      • andrewmcwatters 3 days ago

        > Like. Build a decent product.

        Man, wouldn’t it be so cool if tech companies actually were competitive instead of trying to establish parasitic marketshare or dying with no in-between?

      • kelvinjps10 3 days ago
        9 more

        Anyone knows about a good Dropbox alternative? That supports Linux

        • antonyh 2 days ago

          I'm actively looking. NextCloud is on my list of maybes, as is S3 or S3-compatible services like OVH. I'm using Fastmail files as a stopgap via WebDav, but it's slow, doesn't give offline files, and I'll need to rig my own backup solution.

          Everything I've looked at lacks a native client for at least one of my devices or has privacy concerns. Proton would be my first choice if they offered a Linux client.

          The other route I need to explore is rclone - it claims to connect to everything. It would need to poll / cronjob to update rather than instant updates like the mainstream options. The downside is uncertainty - if Proton or whatever changes their private API or encryption scheme then things will cease to sync.

        • disapptavocado 3 days ago
          4 more

          Not free but https://tresorit.com is great. E2E encryption and has a Linux client too.

          • Flimm 3 days ago
            2 more

            The main downside of Tresorit is that it does not support syncing symlinks. It also does not have LAN sync like Dropbox does. Tresorit does have E2E encryption, which is great. Only the enterprise version of Dropbox has E2E encryption.

            • antonyh 2 days ago

              That is unfortunate for both symlinks and for a lack of LAN sync. Not having the ability to deal with anything I throw at it does add risk that the sync isn't true, but outside of the OS I don't use symlinks. LAN sync would save data transfers over slower links but with E2E is this isn't too surprising that it's centralised.

          • antonyh 2 days ago

            Thanks for sharing, I didn't find this option when I looked. This might be a winner for my uses.

        • Larrikin 3 days ago

          Your own computer/NAS with tailscale for day to day usage of accessing your files from any computer from any other computer. Immich to replace the camera upload feature.

          Taildrop needs improvement with files over a gig and between other users though.

        • nazgulsenpai 2 days ago

          I haven't used it personally but I read about it before I decided to DIY, but MEGA has Linux client.

        • jsk2600 3 days ago

          Google Drive with Insync client (paid), I’m using it with no issues for years on Linux.

      • Hamuko 3 days ago
        2 more

        I doubt that Dropbox is able to compete on price against companies like Google, who can bundle all of their Google services in the same package as Google Drive while being able to reduce hosting costs through sheer scale.

    • bigstrat2003 3 days ago

      Well... they could have not enabled a "share your data with us" checkbox without ever asking the user. I have no idea how many customers they lost by playing fast and loose with privacy (I, at least, was one), but it doesn't seem like it could've been worth it.

    • slyall 3 days ago

      Is cloud sharing really commoditized ?

      How many other options are they to sync files between my laptop and my phone, especially if my Laptop is running Linux?

      • rjh29 2 days ago

        Google Drive, iCloud, One Drive, 100 others. Yes Linux is a special case but mostly irrelevant to them.

    • emeril 3 days ago

      I suppose though to be honest, it seems they are still the best for cloud sharing I think?

      • tayo42 3 days ago
        2 more

        better then google drive?

        • grues-dinner 3 days ago

          They have a Linux client, so, yes.

  • coro_1 3 days ago

    There are 5 steps for every one 1 there once was for any given operation on the platform. The next offering will be 6 steps.

  • bapak 3 days ago

    You could say Google should have stuck to search, Apple to computers, IBM to punching cards. As companies grow, they want to diversify and not die.

joey486DX4 2 days ago

Surprised they wouldn't just recommend KeePassXC with the database saved in the Dropbox folder. I've done this since the inception of Dropbox.

rjh29 3 days ago

Google are known for cancelling products but you can at least be sure your files, passwords, bookmarks, map pins, and e-mails aren't going away. They have a core set of apps they've maintained for over two decades without pulling the rug out from under them.

  • mantra2 3 days ago

    I always figure with Google as long as the products are part of the core Apps/G-Suite/Workspace offering they’re fairly safe to use and anything else is a coin flip.

relyks 3 days ago

This stinks. I use this as my main password manager :(

sitzkrieg 2 days ago

companies aquiring/integrating/developing password managers has been the biggest red flag ever