Report Why is it not possible to sync two vaults to the same cloud storage in Cloud Sync Posted February 9, 2019 6 minutes ago, seancojr said: WonderPass, I am curious to know if you've done research to be able to make the following statement—or if this your personal conclusion. I can't imagine that a company as successful as Dropbox made a business decision only for it be deemed as a “flaw in their architecture”. I feel inclined to believe it is more likely they offer this as a solution for reasons related to security. As such, I've taken a few minutes to find reference material that addresses your concern. Dropbox allows third-party developer apps to request access to a Dropbox account via two methods. A specific folder in your Dropbox account. The app can only access files in that folder. All folders and files in your Dropbox account. The second method was previously addressed by Vinod, in his statement: When designing Enpass, the team opted to request access to a specific folder so that a scenario such as the one described above doesn't occur, should a user's OAuth token become compromised—and it could happen, just as Vinod explains, you link your Dropbox account to a device owned by friend/partner/relative, granting them access to all of your folders and files... if their device or the OAuth token used to authenticate to Dropbox become compromised, then too does everything you have depended on Dropbox to securely store. I understand, we are speaking of probability for the incident to occur. What frightens me is what would happen if that did occur and how the user would respond. Someone would be blamed and it would be a a choice between the developers of Dropbox and Enpass. So much to unpack here. Yes I did research this hence I know how it works. Dropbox being big and successful does not make them right in all of their decisions. If you’ve worked for a large company some of the worst design decisions are dressed as a feature because it’s easier than fixing the underlying issue The poor architecture is the failure to anticipate that whilst locking down access of the app it then precludes interaction with those files with other users. You may consider my position arrogant but the fact that Enpass is supposed to allow shared vaults would indicate that this architecture doesn’t fit actual use cases. That the solution is to create this hyper restricted folder indicates that the all or nothing OAUTH model is on reflection a poor design. But frankly my opinion is unimportant as I have deleted Enpass.