17 comments

[ 0.21 ms ] story [ 66.3 ms ] thread
This is a lot more useful than that terrible file browser app they created.

However I find Chrome's password manager to be the best, especially when using different profiles for work/personal/etc

What I want is to encrypt my Dropbox files with my own key. I’m constantly looking for alternatives because I find the lack of encryption problematic. I would seriously hope stored logins aren’t encrypted under a single Dropbox key.
I’m being kinda cynical here, but one isn’t allowed to grow to be one of the largest online storage providers without the capability to hand over the keys to the government so we might not ever get to see a widely adopted service that uses encryption in the manner you want.
Personally I created 256 bit encrypted disk images for sensitive stuff and put them on Dropbox. this has worked for quite a few years.
Check out rclone, encrypts file, filename, and file directory (last two are optional).

It’s what freenas uses to back up to backblaze or any s3 bucket. Ive then verified the backups using rclone on ubuntu

Check out cryptomator. Encrypted vaults for wherever you want, so also Dropbox
If you don’t control your encryption keys, you don’t control your encryption.

I’ve used AESCrypt for a while. Open source and no major bugs found under a third-party audit.

I don't feel too strongly for this, something about paying monthly to a 3rd-party just to store your passwords seems like a ticking timebomb. I especially wouldn't rely on Dropbox to handle my credentials for $.

You could essentially just stick with using a free Dropbox account, use your favorite Password Manager, ex. KeepPass, and save your password protected encrypted database backup to your Dropbox account, & load the file from another device, etc, Right?

I'm just too used to using password managers on VM's that i've never found use-case in syncing them between other machines cause that already sounds rediculously dangerous enough, next to storing them on your Untrusted web-browser. It sounds extra, but i'm that paranoid after personally experiencing getting 'hacked'.

I am quite happy to pay 1Password for the same. The benefits of biometric access on my phone and auto filling forms is too hard to pass up.
Any tips on how I can decouple myself from the Google password manager? The convenience of having passwords synced across every signed-in Chrome instance on every device (and even in-app on Android) is still something I haven't found a suitable replacement for yet.
Google password manager doesn't support sharing passwords. As soon as you need that, Google's solution isn't going to be enough for you.
Switch early (now) or switch never

Study the password manager solutions well (I am sure there are some posts for it)

Switch your frequently used first to get used to the new one and switch the rest at your own pace

Is the format compatible with other password databases?
Until Dropbox adopts zero-knowledge encryption across all of its products, it's going to be a hard "no" for me. I'd rather spend my money with companies that take zero-knowledge seriously. According to Dropbox, this product is zero-knowledge encrypted. So at least they're moving in the right direction.
How come it is suddenly accepted to share passwords, something we were always told to keep to ourselves only, with internet companies, in cleartext? Times sure are changing.
>, in cleartext?

at the bottom of the site: "zero-knowledge encryption means that only you can access your passwords."

the data is locally encrypted, so the company in question never sees your data in cleartext. Generally with services like these your vault is unlocked with a master password.