Dropbox Rolled Out A New Password Manager App

Dropbox, an online data storage company has rolled out a private beta version of a new password manager app. An invite-only version of the Dropbox Passwords application has been published to the Google Play Store.

It seems that the new app provides standard password managing tools such as a feature that will provide the ability to auto-fill login credentials - username and passwords on various services/websites. Features including the generation of a strong password and synchronization of passwords across various devices are also offered by the Dropbox Passwords app.

The description of this application states that the credentials of a user are stored with zero-knowledge encryption so the passwords can only be accessed by the user. This will help to protect the password of the app’s users from hackers. It is not yet clear whether users will be required a separate username and a master password for the Dropbox Passwords app. Or users would be able to log in with the same username and password they use to access their Dropbox accounts.

But, considering that millions of individuals use Dropbox to save as well as synchronize their files, some users might feel that storing passwords in Dropbox Passwords is like putting a lot of eggs in the same basket. It appears that users will have to likely use the same username and password for the Dropbox Passwords app. If users will be using the same login credentials for the app, then Dropbox provides a range of two-factor authentication methods. These methods boost the security of your account.

Currently, users are able to enable two-factor authentication through their smartphone or enabling the feature requires users to plug a physical USB security key into the USB port if they wish to log in on a different device. You can use the codes sent via SMS Messages for enabling the feature or you can also enable two-factor authentication through an app.

Dropbox introduced these methods back in the year 2012 when the company experienced a huge data breach. The data breach exposed the stored login credentials of around 68 million users of the service. These credentials were then traded online. That enormous data breach did not come to light until after four years when the company enforced the users to reset their passwords whose login credentials may have been exposed.

Now, the company cannot afford another breach of user credentials if Dropbox wants to be the safe-keeper of your login credentials for each of your online accounts. According to Graham Cluley, an independent security analyst, the online storage company should consider to make 2FA necessary for all the users of the Dropbox Passwords. He stated that it will be the best practice and it will convey a message to the users of Dropbox that they think two-factor authentication is beneficial for each online account.

We are not yet sure whether the Dropbox Passwords app will be made available to all users or the company will make the service available only for paid subscribers. However, the app will likely be made available to paying subscribers as one of the screenshots of the app states ‘Premium App.’ Currently, the beta of this app is only accessible to selected users of the Dropbox.

Read next: Sandboxed iframes in some web browsers may not be as secure as they are considered, Drive-by-downloads may pose a threat of a cyber attack
Previous Post Next Post