Limit Dropbox access to a Storyist folder

[green_knight]

Since Dropbox, too, is affected by the Heartbleed exploit, I changed my password like a good netizen. And found that a changed password does not revoke access to any of the devices I have linked with my account, nor to the Storyist app.

 

I'm not using Dropbox for anything important right now, but I still feel that this is a possible security exploit. I would feel much better if it would be possible to limit the access to a Storyist folder and hide the rest of the account from casual view.

 

(I know this is an issue for Dropbox, which seems less and less safe the more I poke it, but if this can be fixed on your side, it would make things safer.)

[Steve]

Hi green_knight,

 

Thanks for the request.

 

I'm not sure this would buy you any additional security. If you have the Dropbox app on your iPad, someone would be able to see all the files in your Dropbox if they had your iPad and your iPad passcode.

 

Note that you can unlink specific apps from Dropbox via the website. You can do this after changing your Dropbox password to require apps to log back in again.

 

-Steve

[Simon]

Just happen upon this post. Dropbox grants access to Storyist via access tokens not your password, which is why changing your Dropbox password didn't revoke access to Storyist. The access token was still valid and irrespective of your password. Storyist doesn't interact with Dropbox via your password.

[Steve]

Hi Simon,

 

Correct. Dropbox (along with Google, Microsoft and others) uses OAuth 2.0 for access control, and does not revoke previously issued access tokens when the account password changes. You'd need to use the link above to do that.

 

-Steve

[Femtobeam]

Thank you for this posting. I believe things have moved to Open ID Connect, built on OAuth 2.0 have they not? In any event, I ended up abandoning the Microsoft ecosystem entirely for Apple and Google, due in part to Dropbox on my old HP desktop. It was being used to upload files (and erase them entirely) from my desktop. There is another feature of enabling Dropbox on the desktop and that is a persistent user credential on the device. I have never touched it since. I use iCloud or Google Drive and have a Box acccunt just to upload and save files. It is much safer! I also only buy apps from the App Store and use ESET.