Dropbox New Plans: Pay If You Want 2FA
dropbox.comEngineering Manager at Dropbox here. Sorry for the confusion! This is an error on that page, presumably some miscommunication between groups at Dropbox. 2FA continues to be an available feature for all Dropbox users. The only difference between plans is that team plans allow administrators to require 2FA for all members of the team. That page will get updated soon to explain that feature properly.
See https://www.dropbox.com/help/363 for more information.
Just to close the loop here, we’ve updated the page to include a checkmark for 2FA in the Pro column too. Again, all account types can use 2FA (and we recommend that they do!), and teams can additionally require 2FA for all their members.
See the updated page here: https://www.dropbox.com/plans?trigger=nr.
So while you're here, why is Smart Sync locked behind a 40$ price upgrade?
Does that means that API access isn't getting deprecated as well for Individual accounts?
Control-F "API access for data transport”
> Transfer data from your existing solutions with 25,000 included API calls per month. For additional data transport needs, contact our sales team.
Absent for individual accounts.
I'm not 100% sure what that is about, but I'm pretty sure it relates to new functionality for migrating data from existing file servers.
The API at https://www.dropbox.com/developers works for all account types. (Note that there are endpoints specific to team accounts when the functionality only makes sense there, like methods to add or remove members from a team, etc.)
Thanks for taking the time to reply. I really appreciate it.
Thanks smarx. Also, hi smarx! Been a while! ;)
Edit: Seems 2FA is in fact available on all team plans. Please disregard.
What incredibly poor planning on their part. Put me down for 10 on "reversal of decision following shaming by security community".
I'm sure Dropbox is going to get a lot of flak for this. 2FA based on the provider that they use may not have been cheap. Authy is $0.09 an auth, if you integrate with Twilio, you get SMS charges that vary on price based on country / provider.
The easiest/cheapest solution is to roll your own TOTP and build an app. This is useful for web, but may be pointless on mobile (if the mobile device is unlocked, then you have access to the TOTP app or SMS).
Business people probably looked at the cost per user and couldn't offer it at a lower rate.
You wouldn't need to roll your own app. Just use the Microsoft Authenticator app or the Google Authenticator app, they're the same thing and don't require a direct connection to the user account. Lots of articles on the net on how to accomplish this kind of thing for $0 in extra services.
They support 2FA through SMS / TOTP / U2F. Yes, if most of their customers use GA / etc it is free, but that isn't their only option...
If they implemented a provider, they will also charge for TOTP authentications.
Isn't 2fa by sms bad though? You hear a new case almost every week of someone whose telco was socially engineered to gain access to their phone number linked 2fa/account recovery.
Bad is relative, it is bad compared to other more secure methods. But if you can't guarantee that your users have a smartphone, SMS is still a needed option.
I enabled 2FA on my Pro Dropbox account because they allowed my account to be hacked back in August. Now I have to pay for their security mistakes?
Wow this is shocking. A big step back for user security. Even a paid Pro account for individuals does not include 2FA?!
I just checked and my Pro account for Individuals still shows 2FA "enabled" so this page is confusing.
They upgraded "Pro" accounts to "Advanced" accounts without cost changes for ~1 year. After that you will have to pay $4.25 more per month for the "Standard" plan in order to keep MFA.
"To give you the most powerful admin control and security features, we’ve upgraded you to Advanced at no extra charge. You’ll keep your original pricing until January 6, 2018. After that, your account will adopt our new storage plans and pricing. If you want to downgrade to Standard, you’ll have until January 6, 2018 to do so."
You're conflating a few different plans here -- "Standard" and "Advanced" are for teams only (minimum of 5 people). The only paid plan available for individuals is "Pro", which no longer offers TFA.
Looks like you were already on the business account, not an individual account, which is what we are discussing.
Hmm, I have no idea then. I just renewed my $99 personal account a few weeks ago. Not a business account from what I can tell. Invoice: http://imgur.com/eUpsaem
My account still shows Pro, not Advanced. Also, why didn't I get any emails from DB about this? Maybe they are rolling things out gradually and my account is not affected yet.
And they hide important features in the team tier, but set the team tier to a minimum of 5 users.
E: Wait, WHAT IN THE FUCK?
2FA is in the team tier, so it's a minimum of 50$ to get 2FA.
This is sad news. While they've had their issues, I've always found dropbox to be one of the more responsible and reliable tech companies. Supplying 2fa for only paid users almost seems like they're taking hostages - "Pay us more or your account will be less secure" doesn't sound like a company whose services I would want to be using. Shame.
Not seeing anything about this. When I clicked the link I got pushed to a re-subscribe page since I previously signed up. Opening in Incognito also doesn't show anything about 2FA.
EDIT: Screenshots provided below now. They already rolled the page back.
The paid "pro" plan has no 2FA. "standard" does, but is a few extra dollars a month.
Beside the poorly named accounts, the idea of paying for security is a good one, but not when it affects the customer experience of securing their own passwords. Security in the infrastructure is an option. Optionally securing my account using 2FA is not.
Dropbox, you are being dorks.
> The idea of paying for security is a good one
But the Pro account is a paid service, and still does not include 2FA. Which makes absolutely zero sense for users in today's world.
Not a few extra dollars. Standard is a TEAM tier. 2FA costs 50$ now.
They's weird, I just clicked on the link and it was there...
My free account definitely still has 2FA. Does this mean if I upgraded to "Pro" I'd actually lose that feature?
No. See Smarx's comment. Every Dropbox account can have 2FA.
Is there no more free-tier? I thought pricing pages usually included the free tier in it to demonstrate what money buys.
Did anyone manage to grab a screenshot? Looks like it's been rolled back. No mention of 2FA anywhere.
https://i.imgur.com/bACMgsI.png
Sorry, it's in Russian (and I'm too lazy to change browser language perfs), but you can find "2FA" there, the abbreviation was left untranslated.
It's still showing for me [0]. I just cancelled my account. [0] http://imgur.com/v150a7w
Just a heads up, this was a mistake on the marketing page: https://news.ycombinator.com/item?id=13537043
Here you go: https://cl.ly/3q3d293k2N3X
It's also a 92% increase in price for Business plans, for a decrease in storage. Ridiculous.
I find it odd that not even the Pro plan has 2FA according to the pricing matrix.
That's the kicker to me as well. It suggests that Dropbox doesn't appreciate their self-employed customers.
That and showing prices "per month" on the billed annually plan just suggests deceit and greed. All of this confusion for an extra ~$25 per year per user.
The $25/user/year increase is if you downgrade to "Standard". To keep the existing features, you need to select the "Advanced" plan, which is a $115/user/year increase!
Odd they would do this considering all their competitors offer 2FA for free...
I opened a support ticket to give my opinion, I suggest you all do the same.