tiffanyh 15 hours ago

Not knowing that Dropbox offered a password manager … I misinterpreted the headline to mean I could no longer log into my Dropbox account with a password anymore (and thought they were forcing passkeys).

  • alisonatwork 14 hours ago

    This recently happened to me on Booking.com and... I ended up not using Booking.com to book a hotel. So long, genius status, or whatever.

    It absolutely drives me nuts that the western world is moving to "as seen in China" login-via-callback flow. Aside from the privacy issue of forcing people to attach an email or phone number or third-party auth provider to their every account, it's just a waste of time and energy to delete our passwords and force us through this weird multi-app flow just to log in to a service we spent years logging into without ever getting hacked. Imagine if every time you wanted to get into your house you had to press the doorbell and then wait for someone to call you back to decide whether you should be allowed in. It's absurd.

    • rafram 13 hours ago

      > "as seen in China" login-via-callback flow

      What, exactly, does this mean?

      But passkeys are the new hotness, not SSO, and what you’re describing is SSO. Passkeys aren’t tied to an outside account, just a password manager (which can be your browser - no account required).

      • fooofw 6 hours ago

        Your parent comment may refer to requesting and waiting for a login link in, say, an email to authenticate - not SSO.

        • rafram an hour ago

          Oh, that makes sense.

      • alisonatwork 12 hours ago

        When I lived in China a common way of "logging in" was to enter an OTP sent to your phone via SMS. By the time I left a few years back it seemed increasingly that signup and login flows were on the way out in favor of simply using your phone number anywhere and everywhere as a personal identifier and OTP or in-app notifications for authentication.

        • rafram an hour ago

          Thanks, I misread your first comment. That makes sense. Yeah, not a great system, especially because it turns phone numbers into semi-sensitive personal information that you also give out to every single person you ever meet.

        • hofrogs 12 hours ago

          Added benefit of inheriting someone's account if they miss the phone number rent and you get the recycled number.

    • ijustlovemath 14 hours ago

      This is especially true if you simply increase the minimum password length to a certain amount. The major browsers include password managers for specifically this purpose which can generate passwords; why don't we move towards educating users how to use these tools instead of centralizing all the failure points of the web?

      And yes, I understand the major conflict of interest in saving important passwords to Google, which I personally don't do and wouldn't recommend, but I think if they're interested in staying out of the Googleverse, we can also tell people about the good paid alternatives out there.

      • somenameforme 13 hours ago

        Paid vs Google seems a bit of a false dichotomy. Bitwarden and countless other such programs are completely free for normal usage. The freemium stuff comes in for business and uses far beyond just a password manager.

      • userbinator 12 hours ago

        why don't we move towards educating users how to use these tools instead of centralizing all the failure points of the web

        Because there are vested interests in doing the latter. That said, I don't trust password managers either.

    • hug 13 hours ago

      > Imagine if every time you wanted to get into your house you had to press the doorbell and then wait for someone to call you back to decide whether you should be allowed in.

      This is exactly what I do to visitors to my house.

    • sofixa 2 hours ago

      What? You can auth to booking.com with a password just fine (I just did it this morning).

      Many sites have "magic links" (they sent you a link to login via email instead of having to write a in password), but there's almost always a way to say you want to log in with your password. Sometimes, especially for touchier things, there's MFA.

      > Aside from the privacy issue of forcing people to attach an email or phone number or third-party auth provider to their every account

      How do you login without an email, phone number or delegating to a third party? You perform a secret magic dance? Especially for something such as booking.com which more likely than not has your bank details saved, and can wreak havoc (cancel your bookings), I'm really not sure what you want them to do.

      • alisonatwork an hour ago

        I was surprised when it happened to me too, but it seems to be an anti-feature that has been rolling out for some time now[0]. The ability to use a password has vanished completely.

        The thing that makes it particularly egregious is that Booking.com is literally designed to be used on the road, from any location anywhere, on any weird device you might have access to at the time. There's no guarantee that whatever janky airport wifi allows IMAP, or that your phone can receive SMS in whatever country you're in. Forcing 2FA - or now apparently just the "1FA" of magic link/OTP - has made the service useless for its primary purpose.

        [0] https://old.reddit.com/r/Bookingcom/comments/1hl055b/cannot_...

    • bapak 13 hours ago

      All bets are on Passkeys, but I'm sure a lot of people can't deal with them due to lack of sync across devices.

      Passkeys are a great Trojan horse for password managers vs oauth, magic links, "password123" strings

  • greyface- 15 hours ago

    For me, the headline evoked memories of this 2011 Dropbox security incident. https://news.ycombinator.com/item?id=2678576

    • sodality2 13 hours ago

      Hilarious that the bitrotted dropbox blogpost linked in the techcrunch article discussing this vulnerability (quoted as saying things like “this never should have happened”) instead redirects to some dropbox blog home page, with “What happens when AI joins your team?” prominently featured. Initially I thought their postmortem was blaming AI very openly 14 years ago :D

  • windexh8er 13 hours ago

    I was wondering, genuinely: is Dropbox still something the masses use? I found the product to be subpar many years ago and stopped using it and only seemed to read about it continuing to degrade.

    • tim333 an hour ago

      I, speaking as part of the masses, still use it. Works fine for my purposes. I'm not sure what's supposed to be wrong with it?

    • omnimus 12 hours ago

      At least in some circles yes. It is very much only sync service creative professionals use.

      Mainly due to conflict resolution, corruption and version history. It still has best implemented “online only files”.

      Think 10 person design studio all working in one big studio “Work” folder.

      So while the clients got bloated Dropbox still has edge in essentials. People trust it unlike other services some of which are straight up infamous for loosing your files like iCloud or corrupting them like adobe creative cloud.

      • danieldk 11 hours ago

        And block-level sync. Many sync services only do file-level sync.

    • chromehearts 12 hours ago

      I always wondered this too .. I have a feeling their only users are those who just never migrated & users who used 10minmail (who upload "illegal" files (unreleased songs etc.))

      • omnimus 12 hours ago

        Where and why would you migrate?

stmw 18 hours ago

Strategically this doesn't make a lot of sense to me (password management is a natural adjacent product to their core offering), but I am sure they had lots of data that showed it wasn't succeeding. Having been involved in password managemetn before, what I have learned is that it is surprisingly difficult to continue to maintain as both browsers and websites change, the mobile situation is very difficult and it's just one of those software projects that seems simple.. but isn't. So if there is not a big attach rate, it makes sense for Dropbox to drop it.

  • danieldk 11 hours ago

    Even as a Dropbox user, I only half-knew that they had a password manager. I try to avoid their website because it tries to push me into a different plan every single time with popups, banners, etc. (despite being on a $20 per month family account).

    On the Mac, I avoid their own client and use Maestral for pretty much the same reasons. Unlike their old client, their Mac client annoys you with all kinds of (to me) irrelevant stuff. Only on Linux I use their client, because it's still the old client and does not bother me.

    I guess a lot of people that are still using and paying for Dropbox, do it because of their really excellent file sync and try to tune out of anything else because they tried to push too much crap over the years (remember when they tried to push everyone to use their mail client?).

    I would rather have them bring things like end-to-end encryption to all account types. Improve the functionality of the core product we are paying them for.

  • dehrmann 12 hours ago

    I assume consumers have moved to Google for files and still reuse passwords or use their browser's password manager. Companies have moved passwords to something like Okta, and probably Microsoft, Google, or possibly Box for files.

  • AznHisoka 6 hours ago

    What is the biggest thing to maintain? Isn’t it just storing passwords?

    • thimabi 5 hours ago

      Integration with browsers and websites, because these password managers are based on autofill rather than copying and pasting passwords.

    • stmw 3 hours ago

      Integration and endless QA with the websites for form-filling, and various tricky user flows with sync across desktop and mobile.

ildon 12 hours ago

This is very sad news. I've been using their password manager since it came out and, although not perfect, was working very well for me.

As a long standing (paying) user of Dropbox (I believe I've been using it since the very beginning), and former stock holder, I believe Dropbox must adjust its course asap. They lack a clear vision for the future and their current offering is way too limited (and shrinking apparently). For the money they ask there's no point in actually paying for their product, unless one is already locked in. For the same price, or even less, one can get an entire Office suite (Google/MS), plus cloud storage. Sure, Google Drive or OneDrive are nowhere close to Dropbox in terms of sync quality, but how many users (business and consumers) are willing to pay such a premium for quality file sync on top of other subscriptions?

Additionally, for many Dropbox is a no go for the simple fact that they don't have a reliable way to edit documents simultaneously. Recently I was looking for a cloud storage solution for a business that needed collaborative editing of documents. I had to go with Office365, as much as I would have preferred not to, because the way they allow multiple concurrent edits to documents is simply not matched by Dropbox (Google Drive is even better but it lacked some features that were essential for the business).

Unfortunately it looks like the stock market is well aware of this. The capitalization of Dropbox has been essentially stagnating for ~5 years, if adjusted for inflation.

I really hope that Dropbox can change its course by doing some brave acquisitions and rebuild its brand image with a more compelling and comprehensive offering.

  • kookamamie 12 hours ago

    > sync quality

    Is this really a differentiator nowadays?

    • SebastianKra 11 hours ago

      iCloud lost all my data twice. Before that, it was always stuck syncing some unknown files. I also ran into problems where conflict resolution in Apples own office apps wouldn't work and I'd just lose one of the version. So yes.

    • antonyh 7 hours ago

      Both Google Drive and Microsoft OneDrive have had mass file loss events. Local LAN sync is hugely useful too. Upload speed matters, as does conflict resolution. These are features worth paying for.

  • sofixa 2 hours ago

    They're a perfect example of why the old adage of "do one thing and do it well" often doesn't scale as a business.

    If platforms can provide a competing service, bundled within their package, many will pick it, even if it is worse quality. Dropbox had to expand (like Proton are - they started with email, then added calendar, Drive for file storage, Docs for collaborative editing, Pass for password manager, etc. Even if I would prefer they spend more time to fix gaps in their Android email app, I completely understand why they have to expand their stack).

qnleigh 11 hours ago

3 months doesn't seem like enough advanced warning before deleting essential data like this. What if someone is hiking the Pacific Coast Trail right now? Or is the recovering from a serious medical event? Or just doesn't use the app and the email they signed up with that often?

Is it really that expensive for them to maintain minimal access for a year? This is not a rhetorical question.

treetalker 18 hours ago

I kinda wish Dropbox would stick to dropboxing.

Always with the product-line creep. No doubt the next offerings will be Dropbox Email and "Dropbox the LLM" (better than Spaceballs the Flamethrower, I suppose).

  • rjh29 17 hours ago

    I agree but what are they supposed to do? Cloud sharing is commoditized now and it's easy to move providers. Their only choice was to try to move up the stack, but there is no clear direction. It's video editing, e-signatures/encryption, passwords, AI, document editing... so far I haven't found any of those offerings useful. Their Linux support is however much appreciated.

    • Groxx 15 hours ago

      Reduce price. Reduce the abominable resource usage. Allow E2E encryption. Increase performance so it doesn't trickle at tens of kilobytes for hours when I have 100Mbps upload and half a terabyte left.

      Like. Build a decent product. The lack of any major competition doesn't mean they should stop improving and branch out into costly absurdity, at least try to keep up with Maestral with 100x the headcount.

      • twright0 13 hours ago

        > Reduce price. Reduce the abominable resource usage. Allow E2E encryption. Increase performance so it doesn't trickle at tens of kilobytes for hours when I have 100Mbps upload and half a terabyte left.

        How do you imagine that any of these things would strengthen Dropbox's business at a scale relevant to them?

        Reducing price would be straightforwardly bad; most users do not understand resource usage complaints (though I'm not conceding that problem exists - it's a non-factor on my machine); E2E encryption is an anti-feature for a consumer audience who will lock themselves out and demand refunds far above the rate at which anyone will pay for E2E specifically; most users do not have half a terabyte all at once to store nor upload speeds such that the Dropbox app performance is the limiting factor, even if those performance problems are true.

        > The lack of any major competition

        Dropbox's core product faces substantial competition from multiple tech giants (Google Drive, One Drive, iCloud) who have incentive and ability to eat losses on a sync product to sell other services or devices. If they don't find other lines of business to sell alongside sync they will die, and building an incrementally better sync product will not save them.

        (I worked at Dropbox a ~decade ago and no longer have any insider insight nor financial stake in the company, but I sympathize that they're in a brutally difficult position in building a sustainable business)

        • Groxx 4 hours ago

          Every Dropbox user I've talked with has complained at length about the random upload slowdowns.

          Every Dropbox user I've talked with has complained at length about the software.

          Every Dropbox user I've talked with has complained at length about the cost, and is looking for alternatives, but the marginally-better software keeps them there for now (gdrive and onedrive have a fair number more issues).

          Yes, I think it matters. But they exploded their headcount and now they have to compete in areas they aren't anywhere near as good in (document management, etc) to make the higher profit they need to keep going, and raise the cost for everyone who doesn't use it.

          Basically they went B2B and have been coasting in a gradual decline on their consumer side. A tale as old as time.

        • Barrin92 4 hours ago

          The problem was them going public. Honestly looking at the fact that it's a 20 year old company that's really good at one thing, take it private if you can, slim the company down and offer more competitive prices. The other user is right on that. Accept that you're Jetbrains instead of fancy big tech giant.

          If they offered a competitive 100 Gig tier or a cheaper 1 TB tier I'd instantly switch my entire family back from Google Drive because at a technical level Dropbox is just simply better. Insync + GDrive is much worse than the block based sync. If they just focused on this they have a good business. The headcount expansion and desperate horizontal creep into other services just makes miserable products.

      • kelvinjps10 13 hours ago

        Anyone knows about a good Dropbox alternative? That supports Linux

        • nazgulsenpai an hour ago

          I haven't used it personally but I read about it before I decided to DIY, but MEGA has Linux client.

        • antonyh 7 hours ago

          I'm actively looking. NextCloud is on my list of maybes, as is S3 or S3-compatible services like OVH. I'm using Fastmail files as a stopgap via WebDav, but it's slow, doesn't give offline files, and I'll need to rig my own backup solution.

          Everything I've looked at lacks a native client for at least one of my devices or has privacy concerns. Proton would be my first choice if they offered a Linux client.

          The other route I need to explore is rclone - it claims to connect to everything. It would need to poll / cronjob to update rather than instant updates like the mainstream options. The downside is uncertainty - if Proton or whatever changes their private API or encryption scheme then things will cease to sync.

        • Larrikin 12 hours ago

          Your own computer/NAS with tailscale for day to day usage of accessing your files from any computer from any other computer. Immich to replace the camera upload feature.

          Taildrop needs improvement with files over a gig and between other users though.

        • disapptavocado 12 hours ago

          Not free but https://tresorit.com is great. E2E encryption and has a Linux client too.

          • Flimm 12 hours ago

            The main downside of Tresorit is that it does not support syncing symlinks. It also does not have LAN sync like Dropbox does. Tresorit does have E2E encryption, which is great. Only the enterprise version of Dropbox has E2E encryption.

            • antonyh 7 hours ago

              That is unfortunate for both symlinks and for a lack of LAN sync. Not having the ability to deal with anything I throw at it does add risk that the sync isn't true, but outside of the OS I don't use symlinks. LAN sync would save data transfers over slower links but with E2E is this isn't too surprising that it's centralised.

          • antonyh 7 hours ago

            Thanks for sharing, I didn't find this option when I looked. This might be a winner for my uses.

        • jsk2600 13 hours ago

          Google Drive with Insync client (paid), I’m using it with no issues for years on Linux.

      • andrewmcwatters 14 hours ago

        > Like. Build a decent product.

        Man, wouldn’t it be so cool if tech companies actually were competitive instead of trying to establish parasitic marketshare or dying with no in-between?

      • Hamuko 13 hours ago

        I doubt that Dropbox is able to compete on price against companies like Google, who can bundle all of their Google services in the same package as Google Drive while being able to reduce hosting costs through sheer scale.

    • bigstrat2003 14 hours ago

      Well... they could have not enabled a "share your data with us" checkbox without ever asking the user. I have no idea how many customers they lost by playing fast and loose with privacy (I, at least, was one), but it doesn't seem like it could've been worth it.

    • slyall 12 hours ago

      Is cloud sharing really commoditized ?

      How many other options are they to sync files between my laptop and my phone, especially if my Laptop is running Linux?

    • emeril 16 hours ago

      I suppose though to be honest, it seems they are still the best for cloud sharing I think?

      • tayo42 14 hours ago

        better then google drive?

        • grues-dinner 8 hours ago

          They have a Linux client, so, yes.

  • bapak 13 hours ago

    You could say Google should have stuck to search, Apple to computers, IBM to punching cards. As companies grow, they want to diversify and not die.

  • coro_1 14 hours ago

    There are 5 steps for every one 1 there once was for any given operation on the platform. The next offering will be 6 steps.

joey486DX4 7 hours ago

Surprised they wouldn't just recommend KeePassXC with the database saved in the Dropbox folder. I've done this since the inception of Dropbox.

rjh29 17 hours ago

Google are known for cancelling products but you can at least be sure your files, passwords, bookmarks, map pins, and e-mails aren't going away. They have a core set of apps they've maintained for over two decades without pulling the rug out from under them.

  • mantra2 14 hours ago

    I always figure with Google as long as the products are part of the core Apps/G-Suite/Workspace offering they’re fairly safe to use and anything else is a coin flip.

sitzkrieg 5 hours ago

companies aquiring/integrating/developing password managers has been the biggest red flag ever

relyks 13 hours ago

This stinks. I use this as my main password manager :(