
Dropbox New Plans: Pay If You Want 2FA - saool
https://www.dropbox.com/plans
======
smarx
Engineering Manager at Dropbox here. Sorry for the confusion! This is an error
on that page, presumably some miscommunication between groups at Dropbox. 2FA
continues to be an available feature for all Dropbox users. The only
difference between plans is that team plans allow administrators to _require_
2FA for all members of the team. That page will get updated soon to explain
that feature properly.

See [https://www.dropbox.com/help/363](https://www.dropbox.com/help/363) for
more information.

~~~
smarx
Just to close the loop here, we’ve updated the page to include a checkmark for
2FA in the Pro column too. Again, all account types can use 2FA (and we
recommend that they do!), and teams can additionally _require_ 2FA for all
their members.

See the updated page here:
[https://www.dropbox.com/plans?trigger=nr](https://www.dropbox.com/plans?trigger=nr).

~~~
Mithaldu
So while you're here, why is Smart Sync locked behind a 40$ price upgrade?

------
sparky_
What incredibly poor planning on their part. Put me down for 10 on "reversal
of decision following shaming by security community".

------
omgitstom
I'm sure Dropbox is going to get a lot of flak for this. 2FA based on the
provider that they use may not have been cheap. Authy is $0.09 an auth, if you
integrate with Twilio, you get SMS charges that vary on price based on country
/ provider.

The easiest/cheapest solution is to roll your own TOTP and build an app. This
is useful for web, but may be pointless on mobile (if the mobile device is
unlocked, then you have access to the TOTP app or SMS).

Business people probably looked at the cost per user and couldn't offer it at
a lower rate.

~~~
alexkavon
You wouldn't need to roll your own app. Just use the Microsoft Authenticator
app or the Google Authenticator app, they're the same thing and don't require
a direct connection to the user account. Lots of articles on the net on how to
accomplish this kind of thing for $0 in extra services.

~~~
bmon
Isn't 2fa by sms bad though? You hear a new case almost every week of someone
whose telco was socially engineered to gain access to their phone number
linked 2fa/account recovery.

~~~
omgitstom
Bad is relative, it is bad compared to other more secure methods. But if you
can't guarantee that your users have a smartphone, SMS is still a needed
option.

------
9NRtKyP4
I enabled 2FA on my Pro Dropbox account because they allowed my account to be
hacked back in August. Now I have to pay for their security mistakes?

------
hellofunk
Wow this is shocking. A big step back for user security. Even a paid Pro
account for individuals does not include 2FA?!

~~~
hellofunk
I just checked and my Pro account for Individuals still shows 2FA "enabled" so
this page is confusing.

~~~
nathantotten
They upgraded "Pro" accounts to "Advanced" accounts without cost changes for
~1 year. After that you will have to pay $4.25 more per month for the
"Standard" plan in order to keep MFA.

"To give you the most powerful admin control and security features, we’ve
upgraded you to Advanced at no extra charge. You’ll keep your original pricing
until January 6, 2018. After that, your account will adopt our new storage
plans and pricing. If you want to downgrade to Standard, you’ll have until
January 6, 2018 to do so."

~~~
bpaluzzi
You're conflating a few different plans here -- "Standard" and "Advanced" are
for teams only (minimum of 5 people). The only paid plan available for
individuals is "Pro", which no longer offers TFA.

~~~
nathantotten
Yeah, but thats what their message tells me...

[http://imgur.com/a/O8B1q](http://imgur.com/a/O8B1q)

[Edit: fixed link]

~~~
hellofunk
Looks like you were already on the business account, not an individual
account, which is what we are discussing.

------
Mithaldu
And they hide important features in the team tier, but set the team tier to a
minimum of 5 users.

E: Wait, WHAT IN THE FUCK?

2FA is in the team tier, so it's a minimum of 50$ to get 2FA.

------
bmon
This is sad news. While they've had their issues, I've always found dropbox to
be one of the more responsible and reliable tech companies. Supplying 2fa for
only paid users almost seems like they're taking hostages - "Pay us more or
your account will be less secure" doesn't sound like a company whose services
I would want to be using. Shame.

------
robbiet480
Not seeing anything about this. When I clicked the link I got pushed to a re-
subscribe page since I previously signed up. Opening in Incognito also doesn't
show anything about 2FA.

EDIT: Screenshots provided below now. They already rolled the page back.

~~~
kordless
[http://imgur.com/a/mO8KQ](http://imgur.com/a/mO8KQ)

The paid "pro" plan has no 2FA. "standard" does, but is a few extra dollars a
month.

Beside the poorly named accounts, the idea of paying for security is a good
one, but not when it affects the customer experience of securing their own
passwords. Security in the infrastructure is an option. Optionally securing my
account using 2FA is not.

Dropbox, you are being dorks.

~~~
hellofunk
> The idea of paying for security is a good one

But the Pro account is a paid service, and still does not include 2FA. Which
makes absolutely zero sense for users in today's world.

------
ac29
My free account definitely still has 2FA. Does this mean if I upgraded to
"Pro" I'd actually lose that feature?

~~~
nickm12
No. See Smarx's comment. Every Dropbox account can have 2FA.

------
keehun
Is there no more free-tier? I thought pricing pages usually included the free
tier in it to demonstrate what money buys.

------
RickS
Did anyone manage to grab a screenshot? Looks like it's been rolled back. No
mention of 2FA anywhere.

~~~
thomasdub
It's still showing for me [0]. I just cancelled my account. [0]
[http://imgur.com/v150a7w](http://imgur.com/v150a7w)

~~~
maccam94
Just a heads up, this was a mistake on the marketing page:
[https://news.ycombinator.com/item?id=13537043](https://news.ycombinator.com/item?id=13537043)

------
bpaluzzi
It's also a 92% increase in price for Business plans, for a decrease in
storage. Ridiculous.

------
juice_bus
I find it odd that not even the Pro plan has 2FA according to the pricing
matrix.

~~~
schnevets
That's the kicker to me as well. It suggests that Dropbox doesn't appreciate
their self-employed customers.

That and showing prices "per month" on the billed annually plan just suggests
deceit and greed. All of this confusion for an extra ~$25 per year per user.

~~~
bpaluzzi
The $25/user/year increase is if you downgrade to "Standard". To keep the
existing features, you need to select the "Advanced" plan, which is a
$115/user/year increase!

------
alexkavon
Odd they would do this considering all their competitors offer 2FA for free...

------
antoineleclair
I opened a support ticket to give my opinion, I suggest you all do the same.

