I have been using 1Password to move from "less secure" to "more secure" passwords. Like many people, I got into the bad habit of reusing a (relatively weak) password - let's call it "pa$$word" - on many different sites. I recently made a "New Smart Folder" in 1Password tasked with finding any site where my password is "pa$$word," and have been browsing the results.
To change my Dropbox password, I logged in
I expected that I would have to update all of my Dropbox clients (iMac, MacBook Pro, and iPhone) and change the password on each of them. I didn't. Dropbox automatically told all of the clients, "Hey, the password changed, and since you're an authorized client, here's the new information." Even the iPhone client automatically updated. It was smooth as could be. In fact you could say it "just worked."
MobileMe, on the other hand, "just didn't" -- at least not easily.
I logged into
I can only assume that some web developer at Apple believes that preventing people from pasting into the password field is "more secure" (debate that as you will). There are two problems with this argument. First, it completely breaks one of the basic user interface elements of every operating system since copy/paste was invented. There is absolutely no explanation from the UI
Second, and more importantly, the most likely outcome of preventing me from pasting into the field is that I will use an easier, less secure, password. It took me several attempts to get the extremely strong password right twice, something that 1Password will get right every time. (1Password "pro tip": click the "Advanced Options" in the "Strong Password Generator" window and choose "Pronounceable" to get a strong but easier-to-type alternative.) The iDisk application on the iPhone and the MobileMe preference panel on the Mac will both accept "paste" commands as expected.
Unfortunately, it went downhill from there. A few minutes after I changed my MobileMe password, a warning popped up on my iMac telling me that my MobileMe credentials had changed. I opened the MobileMe preference panel and had to sign out. When I entered my new password, my sync history was deleted. My contact/calendar/etc. information was still there, but it was as if I had never synced with MobileMe before, meaning that I had to go back into the "Sync" tab and re-check all of the options. Anyone who has used MobileMe sync knows what that means: I'm going to be seeing "Conflict Resolver" for the rest of the day, on each of the computers I sync to MobileMe. My local iDisk cache was moved to a "Previous local iDisks" folder on my Desktop, meaning that I have to re-sync all of that information as well. Given that I could have up to 20GB of information on my iDisk, that could be a fairly lengthy process.
In sum, it could not be any more painful or inconvenient to change your MobileMe password, and it couldn't be any easier to change your Dropbox password.
"BUT!! BUT!! BUT!!!!" I hear someone say "What if you lost your iPhone or your laptop?!?! Someone could get your Dropbox information even if you changed it!!!" It is true that changing your Dropbox password is not sufficient to protect your account if you lose a computer or iPhone linked to your Dropbox account. If that happens to you, the first thing you should do is go to your Dropbox account on the website, click on the "Account" link, then click on "My Computers" and unlink it from there. (Then I would suggest that you change your Dropbox password anyway.)
You can unlink computers from your MobileMe account as well, but you must
The Dropbox iPhone application has an option to require a passcode every time you launch Dropbox. The iDisk iPhone application has no such option. (I'm assuming that you know the iPhone has a similar system-wide function at Settings » General » Passcode Lock. If you aren't using it, you should be.)
Dropbox is also considering a "remote wipe" function which would allow you to remotely delete any files from a lost/stolen computer. If you are a Dropbox user, you can vote in favor of that feature here.
There is no way to remove locally stored information from an iDisk from a lost/stolen Mac. Changing your password won't do it, as MobileMe will simply put a "Previous local iDisks" folder on the Desktop of that computer. I suppose you could turn iDisk Sync off altogether, but iDisk is painfully slow even with local sync on, and of course then you couldn't use your iDisk files offline either.