To say the truth, I don’t use Dropbox much, even I don’t visit its website, but I do install stable and experimental builds of Dropbox on Windows whenever they’re released to know the new features. Today when I installed a new experimental build released by Dropbox team and tried to sign into the service, setup said ”your password has expired. We sent you an email with further instructions or you can create a new password at dropbox.com/password_expired”.
Dropbox expires users passwords which haven’t changed for some time
When I check my email, Dropbox sent a message with subject “please update your expired dropbox password”
We noticed that you recently tried to log in to Dropbox with a password that you haven’t changed in a while. Your old password has expired and you’ll need to create a new one to log in.
Please visit this page to update your password:
When you visit https://www.dropbox.com/password_expired page or when you try to sign into Dropbox with the expired password, you’ll see the following screen with the box provided at the bottom to type your email address to get an email to change the password.
Why Dropbox expires users’ passwords?
It raises the question after how many days a Dropbox user needs to change his password or when Dropbox expires the password if users doesn’t change them? Days or weeks or months?. We know, email services after a minimum of three months deactivate accounts that are no longer active.
This is something different, instead of deactivation they’re resetting passwords on the user’s behalf who haven’t changed for sometime and somehow I am able to find this page where Dropbox answered the reason for why did my password expire?
“We sometimes expire passwords as a proactive security measure. For example, we reset passwords that haven’t been changed in a while. You’ll need to update your password before linking a new computer, phone, tablet, or API app.”
If your password expires, when you login next time into the website, you’ll see the above screenshot where you can enter your email address and follow emails send by Dropbox to change your Password. Company recommends to turn on two step verification for even more security.
It seems file sharing service has started expiring passwords since a week as we’ve found few users reporting on their forum.
What do you say? Is this approach, the decision of resetting password should be left to the user? Or Dropbox is doing the right thing? I think there should be something like similar to in banking sites, where Dropbox should warn users to change their passwords as they’re going to be expired after some number of days.