Change Your Dropbox Password


13 replies to this topic

#1 R. Mansfield


Posted 13 October 2014 - 10:39 PM

According to multiple reports being posted on the Internet tonight, there may have been a massive security breach with Dropbox resulting in anywhere from hundreds of passwords that have already been publicly exposed to the threat of millions to come. 

 

Since many Accordance users use Dropbox for syncing between the desktop and mobile versions, I would strongly urge changing your password immediately. And if you use the same password in Dropbox that you use elsewhere, change the password for those other services as well. 

 

For more information:

http://thenextweb.co...e-alleged-hack/

 

http://gizmodo.com/c...user-1645981610

 

http://arstechnica.c...arently-leaked/



Richard Mansfield

Technology Evangelist

Accordance Bible Software

 


#2 JonathanHuber


Posted 13 October 2014 - 11:23 PM

This is also a good time to suggest using 2-factor authentication, which means that Dropbox will send a number code to your phone when you try to log in. This would prevent someone from logging into your account even if they stole your password unless they also managed to steal your phone. If you keep anything particularly sensitive in your Dropbox account, you should enable this.



2012 non-retina Macbook Pro
OS 10.13.6 High Sierra


#3 Abram K-J


Posted 14 October 2014 - 12:08 AM

Thanks for the heads-up.


Abram K-J
Pastor, Writer, Editor, Blogger
Web: Words on the Word

#4 Julia Falling


Posted 14 October 2014 - 08:28 AM

Thanks, Rick.  Changed my password, and went ahead and enabled the two-step authentication.  Thanks, Jonathan.


Julia Falling

13" MacBook Pro Mojave Acc 12
mid-2017 3.5 GHz Intel Core i7 (2 cores)
16 GB RAM;
512 GB SSD

iPad Pro iOS 12
128 GB
iAccord 2.7

iPhone XR iOS 12
128 GB
iAccord 2.7


Used for backup only:
Mac mini Mojave Acc 12
late-2012 2.3GHz Intel Core i7 (4 cores)
16 GB RAM; 1.12 TB Fusion Drive

#5 R. Mansfield


Posted 14 October 2014 - 08:41 AM

The official word from Dropbox is that they were not hacked. See http://techcrunch.co...opbox-pastebin/

 

However, this revelation came on the heels of Dropbox losing a number of people's data yesterday, so they are in heavy defensive mode regardless. 

 

And since it's good to change passwords regularly anyway, it seems to me that changing passwords even if there's been rumor of a hack is a good idea.



 


#6 Gabrielchua


Posted 16 October 2014 - 04:16 AM

If you use the same email address & password on other web sites (Accordance, Amazon, etc.), I suggest changing those as well.

Hackers are getting smarter.

Cheers.



#7 Alistair


Posted 23 October 2014 - 02:49 PM

I recommend the use of 1Password or some other such password management utility.



#8 דָנִיאֶל


Posted 23 October 2014 - 03:07 PM

If 1Password ever gets hacked that will not be a pretty day.

 

Thx

D


Sola lingua bona est lingua mortua
ἡ μόνη ἀγαθὴ γλῶσσα γλῶσσα νεκρὰ ἐστιν
lišanu ēdēnitu damqitu lišanu mītu

"Du stammst vom Herrn Adam und der Herrin Eva ab", sagte Aslan. "Und das ist zugleich Ehre genug, um das Häupt des ärmsten Bettlers zu erheben, und genug, um die Schultern des größten Kaisers auf Erden zu beugen. Sei zufrieden." Aslan, Die Chroniken von Narnia, Prinz Kaspian von Narnia. CS Lewis. Übersetzt von Wolfgang Holbein und Christian Rendel.

Accordance Syntax Search For Wallace's Greek Grammar Beyond the Basics : https://github.com/4...WallaceInSyntax

 

Accordance Crib Sheets: http://47rooks.com/l...ch-crib-sheets/

 

 

Accordance Configurations :

Mac : 2009 27" iMac
12GB RAM

Windows : MSI GE72 7RE Apache Pro laptop
Intel Core Duo Intel i7 Kabylake

Android : Samsung Note III 5.0, Samsung Tab S3 7.0 and Lenovo TAB4 8" 7.1


#9 JonathanHuber


Posted 23 October 2014 - 03:15 PM

1Password is not a central system like Google or iCloud. It's a local program, every user would have a different password, and you handle any syncing (Wi-Fi, iCloud, Dropbox, etc.) so the software company doesn't store the data. I suppose no security system is absolutely immune to hacking, but 1Password encryption is pretty good and it's not an easy target since each user's file would have to be broken into individually.




#10 דָנִיאֶל


Posted 23 October 2014 - 03:29 PM

AES256 keys are not uncrackable and the fact that these things get synced to all devices indicates that they go through some sort of sync thingie. There was a bunch of noise a few weeks back about a hack of DropBox. DB said it wasn't them it was some other company. My guess is that the fact that DB credentials are handed out to apps for sync support led to vulnerability of the credentials in a less secure environment. And if there is a cloud service that ends up with a bunch of these in concentration they will be a target.

 

It's getting so pen and paper looks more secure.

 

The safest way to sync devices is off the web. I wonder how many people do it that way.


That's not to say it's all bad. The autogeneration of sophisticated passwords is a good thing and may save you when one of the sites for which you use such a password is hacked.

 

Thx

D


Edited by Daniel Semler, 23 October 2014 - 03:31 PM.



#11 JonathanHuber


Posted 23 October 2014 - 03:43 PM

AES256 keys are not uncrackable and the fact that these things get synced to all devices indicates that they go through some sort of sync thingie. There was a bunch of noise a few weeks back about a hack of DropBox. DB said it wasn't them it was some other company. My guess is that the fact that DB credentials are handed out to apps for sync support led to vulnerability of the credentials in a less secure environment. And if there is a cloud service that ends up with a bunch of these in concentration they will be a target.

 

The official word from Dropbox is that the compromised accounts were affected because the users re-used a password from another site. That password was stolen and simply used to log into Dropbox just like the user would have. It is probably true that a lot of people use Dropbox for syncing their 1Password file, but that file is itself encrypted. Even if you acquired multiple 1Password files, you'd still have to crack each one individually. I'm not saying it can't be done. It's just a more tedious process than hacking into a central system like Google or iCloud. The Dropbox situation itself serves to illustrate the problem of password re-use, one of the key issues that 1Password addresses.




#12 דָנִיאֶל


Posted 23 October 2014 - 03:54 PM

Ah ok I'm behind on the DB issue - and yes the reuse issue is a bad one so it certainly helps there.

 

I still remain leery of all eggs in one basket solutions but they have their benefits also. Perhaps one day I'll stop worrying and learn to love the cloud :)




#13 R. Mansfield


Posted 23 October 2014 - 04:03 PM

I've been using the password generator that was built into Apple's Keychain since it was released with Mavericks a year or so ago. It's kind of a poor man's 1Password from what I understand. It's worked well for me except for two areas:

 

1. It only works on Apple's devices. That covers me most of the time, but I do use a Windows laptop for part of my work, and I occasionally try out other devices (such as using a Windows Phone this past summer). In those cases, I have to have an Apple device handy to look up passwords if I don't want to reset them.

 

2. Dedicated apps do not seem to work with password managers--unless I'm missing something. For instance, Apple's Keychain will store my American Express password and fill it in if I go directly to the Amex website. However, if I use the American Express iOS app, I have to be able to enter the password myself. It's a shame that there's not some way to make Keychain (or any of the other password managers) work with the dedicated apps--again, unless they do, and I've missed that feature.



 


#14 pme


Posted 28 October 2014 - 03:37 PM

For those old enough to remember, the definition of a password is the sticky note attached to the top of your computer.
Definitely love 1P



