After the recent security breach experienced by some users of cloud storage service Dropbox, the company has announced that it is beginning to introduce two-factor authentication in an effort to improve cloud security. This means that users will have one extra step in the login process, but Dropbox hopes this change will mean keeping data stored in the cloud safe from cyber attacks.
The new system is optional, and fairly similar to Google’s new two-factor authentication method. Users will have the option to add their mobile devices to a whitelist and authenticate them to access their account. Then users can receive unique access codes via text or mobile app that supports the Time-Based One-Time Password system.
Examples of apps that can be used for two-factor verification include Google Authenticator, which works with iPhone, Android, and Blackberry smartphones; Amazon AWS MFA for Android; and Authenticator for Windows Phone 7. Upon entering their password and the authentication code they received, Dropbox users can then obtain access to their account.
Dropbox is a popular cloud storage service used by millions of individuals and business professionals. Since Dropbox users often store sensitive types of files or data in the app, such as passwords, financial data, and other business or personal information, the company vowed to improve security measures after company officials learned of the attack.
For business users, this security measure might be worth the extra step so as to protect sensitive company data.
Dropbox has also announced a few other security measures since the breach, including automated mechanisms to help identify suspicious activity, a new page that lets users see all active logins on their account, and more vigilant measures regarding passwords and other secure data.
Users with the latest beta version of Dropbox have the option to switch on the two-factor authentication if they so choose. The new feature will become available to all users in the coming weeks.
On the one hand I love my Paypal 2 stage authentication because I don’t use it so often, but will I want the faff of that for Dropbox which I use all the time.
Soon we’ll be naked in airport security and providing DNA samples (or worse) to log on to Facebook, but I bet half the world still has ‘password’ as it’s password 🙂
Finally! I’ve been waiting for this to be released. They promised it a while ago – I guess it takes a security breach for them to rethink authentication!
Many people are still wary of placing their important files in the cloud, so this will go a long way in easing those fears for mainstream users and late adopters.
Even if it is late it’s nice to see that leading companies in their respective verticals are giving users the better balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim this make things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your files are secure. I’m hoping that more companies start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.
You’re definitely seeing this more and more, not only with web services like drop box but security best practices across the board. This is especially a best practice for bank account sign-in. Some banks require their users enter their password as well as give the answer to their security question.