Drop Box

[AdamZ]

Does anyone have any experience with Drop Box? I have a password app on my Droid X called Pocket and it offers the opportuinty to set up a Drop Box account. I've put off doing it becuase I was concerned about security and having my info out there in the world.

Now I've run into a problem where Verizon is replacing my phone because of a problem with the mouthpiece. I'm not egar to retype ALL my gazillion passwords into the app when I reinstall it on the new phone and I though the drop box may be the way to go.

Any comments or experience with this product??

 

[Rob Schaffer]

Any way to export the passwords and info out of that app via email or something?

I use drop box for a few projects here at work and it is nice. Kind of like a live FTP site that I can place items in and access anywhere that I have drop box loaded, instantly. Works like a shared folder system if you have a network of computers installed, no matter whether that computer is actually on the physical network or some guys laptop on a business trip.

Install on your phone, install on your home PC, and any file you have in that 'box' will be visible and editable.

 

[mikea]

Drop Box is OK, just realize that they finally admitted that employees can access your stuff because they have the keys. Don't leave private things on there, or make sure you put the stuff is an encrypted file before sending it (like a password-proteced zip file.)

SpiderOak is better for security. Nobody but you has the key. AND THEY HAVE AN ANDROID APP https://spideroak.com/

 

[mikea]

The best place to store your passwords is LastPass and they have an Android app, too.

http://lastpass.com/

 

[TangoWhiskey]

I use and enjoy DropBox... keeps my important files automatically synced between multiple computer (home, work, iPad) and lets me access them on the road. Also, any item dropped into your "Public" folder can be instantly sent to someone else by right clicking on that item and selecting DropBox > Copy Public Link, then sending that link to the other person. They can then retrieve that single item, without having a Dropbox account themselves. This is WAY easier than FTP for sending large files. I created a large multi-media training program in Adobe Captivate, and was able to send it to the corporate training department for inclusion in their learning management system quite easily... the lady on the other end of that transaction wasn't FTP savvy, so this worked very very well.

 

[AdamZ]

Drop Box is OK, just realize that they finally admitted that employees can access your stuff because they have the keys. Don't leave private things on there, or make sure you put the stuff is an encrypted file before sending it (like a password-proteced zip file.)

SpiderOak is better for security. Nobody but you has the key. AND THEY HAVE AN ANDROID APP https://spideroak.com/

Well anything that I'm going to have a password for is going to be private such as online banking logins, account numbers, Web logins etc. so I guess that puts the kabash on that.

 

[JimNtexas]

SugarSynch is similar to dropbox, but has better security and a bit more sophisticated clients for all the popular platforms.

 

[Ghery]

My fraternity uses Dropbox for committee documents. My only problem is that I get e-mails from them now and then saying that I have too many documents (taking up too much space) and wanting me to pay money to upgrade. Hey, I didn't create the account and don't care one way or the other. I don't have heartburn with someone at HQ sending me an e-mail with attachments and I'll keep copies on my laptop.

It is convenient, however.

 

[Teller1900]

I use it a ton. I'm no computer guru, so I can't speak to the security, but I was under the impression that for anything put the public folder, specific password access was required. I use it for a lot of work related stuff (receipt images for expense reports, manuals, pictures, documents, etc), and the company as a whole uses it for A LOT! The entire training department runs off it. I really like it, but that opinion is worth exactly what you paid for it!

 

[jason]

Well anything that I'm going to have a password for is going to be private such as online banking logins, account numbers, Web logins etc. so I guess that puts the kabash on that.

No kabash, because the thing that you store your passwords in should encrypt that for you.

I store my passwords in software called 1Password. The file that it produces is 100% encrypted. I could post it on the internet and nobody could do anything with it. So storing it in dropbox is irrelevant.

Dropbox is a good service. It isn't designed to be an encryption mechanism. If you do sign up, use this link and we'll both get extra space for free.

http://db.tt/qn2hl7B

 

[Everskyward]

I also used Dropbox to keep certain files in sync between computers. It seems much faster at uploading than Sugarsync which I also use.

 

[jason]

SpiderOak and Lastpass are safe. Nobody but you can ever get the data. Only you have the key.

DropBox is OK, but it's not subpoena-proof....or employee-mischief proof. They depend on such as any employee who sells out your data for $100,000 is gonna get fired.

Once again I will repeat. If your password software is properly encrypting the data...then it doesn't matter if you upload it to dropbox or post it here for the world to see. It doesn't matter if it is subpoenaed or stolen by an employee. Nothing will happen to your passwords.

Anybody that uploads unencrypted sensitive data to dropbox (or any other online site) and expects it to be their data and their data only is doing it wrong. It doesn't matter the service or what they say their procedures are. LastPass made everybody reset their passwords just a few months back because they spotted an "anomaly".

In the scenario that Adam is proposing. Assuming that he's verified and trusts that the password software properly handles the data files...his data is not at risk.

 

[jason]

Gotcha, but he's not saying he has his passwords in a utility so he needs something that can access them and save them, like Lastpass.

Do you have direct access to /etc/passwd on Android?

You know that even if you copy that - and it is minimally encrypted - it can be attacked to get the passwords with enough effort.

Yes, he is saying that he has his passwords in a utility. He said that he had an Android app called Pocket and that it had dropbox sync support built in.

 

[denverpilot]

Android doesn't use /etc/shadow? Shame shame.

 

[mikea]

Yes, he is saying that he has his passwords in a utility. He said that he had an Android app called Pocket and that it had dropbox sync support built in.

Oh, yeah. I saw that at first. Reading comprehension fail.

Hey, Adam *nevermind* Dropbox will be safe for your passwords from Pocket.

 

[TangoWhiskey]

So, click the "Permissions" tab for Pocket:

https://market.android.com/details?id=com.citc.wallet&hl=en

With "Full Internet Access", I'm not loading any passwords into a third party utility unless I can see the source code and compile it myself. I don't know who "Tim Clark" is. Could be a hacker in the Ukraine or Nigeria who has the app send him the un-encrypted passwords you enter.

Color me paranoid...

 

[TangoWhiskey]

OK, somebody has reviewed his code... but I'm not sure who the somebody is. Still, this is interesting reading:

http://pocket-for-android.1047292.n5.nabble.com/Code-review-and-encryption-procedure-td4539761.html

The code review only addressed the portion of the code that does the encryption and manages your password to access the app. Since Tim says in post #2 that he won't make the entire project open source, there still is no guarantee that the information you enter doesn't get uploaded to some trojan listening port somewhere.... just sayin!

 

[flyingcheesehead]

I use DropBox, mainly for work. We'll store active project files in DropBox, and it's easy to access them from whatever computer I might be using, yet I can still use the files offline as well. It's a very handy system.

 

[gprellwitz]

No kabash, because the thing that you store your passwords in should encrypt that for you.

I store my passwords in software called 1Password. The file that it produces is 100% encrypted. I could post it on the internet and nobody could do anything with it. So storing it in dropbox is irrelevant.

Dropbox is a good service. It isn't designed to be an encryption mechanism. If you do sign up, use this link and we'll both get extra space for free.

http://db.tt/qn2hl7B

Done. Thanks!

 

[AdamZ]

Mike as Jason said "Pocket " does encrypt my data. This was confirmed when I tried drop box and the data transferred then when I tired to open the data from my laptop ( passwords are stored on my Droid) it was like I was reading Klingon LOL.

 

[TangoWhiskey]

Do any of these password apps we've been talking about for Android allow me to SHARE my password file (or part of it) with another person. I like the idea of randomly generating strong passwords for every account, but my wife also needs access to know what the current password is for certain accounts (banking, etc.).

 

[TangoWhiskey]

Do any of these password apps we've been talking about for Android allow me to SHARE my password file (or part of it) with another person. I like the idea of randomly generating strong passwords for every account, but my wife also needs access to know what the current password is for certain accounts (banking, etc.).

Answered my own question:

http://pocket-for-android.1047292.n5.nabble.com/Syncing-Guide-td4791791.html

Looks like you can sync the file off dropbox back to a second device... but it's the entire file. So we could use Pocket for shared accounts. I've downloaded the app... will have to see if it lets me have multiple files (shared vs personal).

 

[rainsux]

In addition to the goofy/insecure password model that DB uses ... Their ToS allow them to keep copies of your files ... Even after you delete them.

Wuala is an alternative that actually protects what you entrust to them.