
Change Your Dropbox Password


13 replies to this topic

#1 R. Mansfield


    Platinum

  • Accordance
  • 1,117 posts
  • Gender:Male
  • Location:Kentucky
  • Accordance Version:10.x

Posted 13 October 2014 - 10:39 PM

According to multiple reports being posted on the Internet tonight, there may have been a massive security breach with Dropbox resulting in anywhere from hundreds of passwords that have already been publicly exposed to the threat of millions to come. 

 

Since many Accordance users use Dropbox for syncing between the desktop and mobile versions, I would strongly urge changing your password immediately. And if you use the same password in Dropbox that you use elsewhere, change the password for those other services as well. 

 

For more information:

http://thenextweb.co...e-alleged-hack/

 

http://gizmodo.com/c...user-1645981610

 

http://arstechnica.c...arently-leaked/


  • Julie Falling likes this

Rick Mansfield

Technology Evangelist

Accordance Bible Software

 


#2 JonathanHuber


    Platinum

  • Active Members
  • 827 posts
  • Gender:Male
  • Location:Englewood, CO
  • Interests:Bible study, Greek
  • Accordance Version:10.x

Posted 13 October 2014 - 11:23 PM

This is also a good time to suggest using 2-factor authentication, which means that Dropbox will send a number code to your phone when you try to log in. This would prevent someone from logging into your account even if they stole your password unless they also managed to steal your phone. If you keep anything particularly sensitive in your Dropbox account, you should enable this.


  • Julie Falling and Abram K-J like this

#3 Abram K-J


    Platinum

  • Active Members
  • 1,741 posts
  • Gender:Male
  • Location:Greater Boston, MA
  • Accordance Version:10.x

Posted 14 October 2014 - 12:08 AM

Thanks for the heads-up.


Abram K-J
Pastor, Writer, Freelance Editor, Youth Ministry Consultant, Blogger
Web: Words on the Word

#4 Julie Falling


    Platinum

  • Active Members
  • 1,266 posts
  • Gender:Female
  • Location:Tennessee
  • Interests:Numerous!
  • Accordance Version:10.x

Posted 14 October 2014 - 08:28 AM

Thanks, Rick.  Changed my password, and went ahead and enabled the two-step authentication.  Thanks, Jonathan.


Julia Falling

 

Accordance 

MacBook Air Yosemite

mid-2013 1.7 GHz Intel Core i7 (2 cores)

8 GB RAM; 512 G SSD

 

Mac mini Yosemite

late-2012 2.3GHz Intel Core i7 (4 cores)

16 GB RAM; 1.12  TB Fusion Drive

 

iPad Air 1 iOS 8.1

64 GB

 

 

 

 


#5 R. Mansfield


    Platinum

  • Accordance
  • 1,117 posts
  • Gender:Male
  • Location:Kentucky
  • Accordance Version:10.x

Posted 14 October 2014 - 08:41 AM

The official word from Dropbox is that they were not hacked. See http://techcrunch.co...opbox-pastebin/

 

However, this revelation came on the heels of Dropbox losing a number of people's data yesterday, so they are in heavy defensive mode regardless. 

 

And since it's good to change passwords regularly anyway, it seems to me that changing passwords even if there's been rumor of a hack is a good idea.



 


#6 Gabrielchua


    Member

  • Active Members
  • 11 posts
  • Gender:Male
  • Accordance Version:10.x

Posted 16 October 2014 - 04:16 AM

If you use the same email address & password on other web sites (Accordance, Amazon, etc.), I suggest changing those as well.

Hackers are getting smarter.

Cheers.



#7 Alistair


    Platinum

  • Active Members
  • 525 posts
  • Gender:Male
  • Accordance Version:10.x

Posted 23 October 2014 - 02:49 PM

I recommend the use of 1Password or some other such password management utility.



#8 Daniel Semler


    Platinum

  • Active Members
  • 1,422 posts
  • Gender:Male
  • Accordance Version:10.x

Posted 23 October 2014 - 03:07 PM

If 1Password ever gets hacked that will not be a pretty day.

 

Thx

D


Accordance Configurations :
 
Mac : 2009 27" iMac                 Windows : HP 4540s laptop
      Intel Core Duo                          Intel i5 Ivy Bridge
      12GB RAM                                8GB RAM
      Accordance 10.4.3.2                     Accordance 10.4.3.2 and Aleph 10.4.3.2
      OSX 10.9 (Mavericks)                    Win 7 Professional x64 SP1

#9 JonathanHuber


    Platinum

  • Active Members
  • 827 posts
  • Gender:Male
  • Location:Englewood, CO
  • Interests:Bible study, Greek
  • Accordance Version:10.x

Posted 23 October 2014 - 03:15 PM

1Password is not a central system like Google or iCloud. It's a local program, every user would have a different password, and you handle any syncing (Wi-Fi, iCloud, Dropbox, etc.) so the software company doesn't store the data. I suppose no security system is absolutely immune to hacking, but 1Password encryption is pretty good and it's not an easy target since each user's file would have to be broken into individually.


  • pme likes this

#10 Daniel Semler


    Platinum

  • Active Members
  • 1,422 posts
  • Gender:Male
  • Accordance Version:10.x

Posted 23 October 2014 - 03:29 PM

AES256 keys are not uncrackable and the fact that these things get synced to all devices indicates that they go through some sort of sync thingie. There was a bunch of noise a few weeks back about a hack of DropBox. DB said it wasn't them; it was some other company. My guess is that the fact that DB credentials are handed out to apps for sync support led to vulnerability of the credentials in a less secure environment. And if there is a cloud service that ends up with a bunch of these in concentration they will be a target.

 

It's getting so pen and paper looks more secure.

 

The safest way to sync devices is off the web. I wonder how many people do it that way.


That's not to say it's all bad. The autogeneration of sophisticated passwords is a good thing and may save you when one of the sites for which you use such a password is hacked.

 

Thx

D


Edited by Daniel Semler, 23 October 2014 - 03:31 PM.


#11 JonathanHuber


    Platinum

  • Active Members
  • 827 posts
  • Gender:Male
  • Location:Englewood, CO
  • Interests:Bible study, Greek
  • Accordance Version:10.x

Posted 23 October 2014 - 03:43 PM

> AES256 keys are not uncrackable and the fact that these things get synced to all devices indicates that they go through some sort of sync thingie. There was a bunch of noise a few weeks back about a hack of DropBox. DB said it wasn't them; it was some other company. My guess is that the fact that DB credentials are handed out to apps for sync support led to vulnerability of the credentials in a less secure environment. And if there is a cloud service that ends up with a bunch of these in concentration they will be a target.

 

The official word from Dropbox is that the compromised accounts were affected because the users re-used a password from another site. That password was stolen and simply used to log into Dropbox just like the user would have. It is probably true that a lot of people use Dropbox for syncing their 1Password file, but that file is itself encrypted. Even if you acquired multiple 1Password files, you'd still have to crack each one individually. I'm not saying it can't be done. It's just a more tedious process than hacking into a central system like Google or iCloud. The Dropbox situation itself serves to illustrate the problem of password re-use, one of the key issues that 1Password addresses.



#12 Daniel Semler


    Platinum

  • Active Members
  • 1,422 posts
  • Gender:Male
  • Accordance Version:10.x

Posted 23 October 2014 - 03:54 PM

Ah ok I'm behind on the DB issue - and yes the reuse issue is a bad one so it certainly helps there.

 

I still remain leery of all eggs in one basket solutions but they have their benefits also. Perhaps one day I'll stop worrying and learn to love the cloud :)



#13 R. Mansfield


    Platinum

  • Accordance
  • 1,117 posts
  • Gender:Male
  • Location:Kentucky
  • Accordance Version:10.x

Posted 23 October 2014 - 04:03 PM

I've been using the password generator that was built into Apple's Keychain since it was released with Mavericks a year or so ago. It's kind of a poor man's 1Password from what I understand. It's worked well for me except for two areas:

 

1. It only works on Apple's devices. That covers me most of the time, but I do use a Windows laptop for part of my work, and I occasionally try out other devices (such as using a Windows Phone this past summer). In those cases, I have to have an Apple device handy to look up passwords if I don't want to reset them.

 

2. Dedicated apps do not seem to work with password managers--unless I'm missing something. For instance, Apple's Keychain will store my American Express password and fill it in if I go directly to the Amex website. However, if I use the American Express iOS app, I have to be able to enter the password myself. It's a shame that there's not some way to make Keychain (or any of the other password managers) work with the dedicated apps--again, unless they do, and I've missed that feature.



 


#14 pme


    Member

  • Members
  • 7 posts
  • Gender:Male
  • Accordance Version:10.x

Posted 28 October 2014 - 03:37 PM

For those old enough to remember, the definition of a password is the sticky note attached to the top of your computer.
Definitely love 1P



