Storage

09:31 AM
Connect Directly
Twitter
Facebook
Google+
LinkedIn
RSS
E-Mail
50%
50%

Dropbox Adds 2-Factor Authentication

Dropbox users can set their account to require a second authentication code when accessed from an untrusted computer. The code can be obtained via SMS text message from Dropbox or through a mobile app on available for iOS, Android, Blackberry and Windows Phone 7.

Dropbox has announced on their blog that they have enabled 2-factor authentication for access to Dropbox. The feature is not turned on by default.

When enabled by the user, access to the account will require the account password and a security code that will either be texted to a designated mobile phone number or generated by a mobile authenticator app (available for iOS, Android, Blackberry and Windows Phone 7).

Users can tell Dropbox to trust a particular computer, removing the need for the second factor on that system. This isn't a meaningful vulnerability, and it makes Dropbox use convenient for the user while addressing the real problem, which is access by outside 3rd parties, either through password guessing or breaches of other databases.

The security code generation is based on an open standard, TOTP: Time-based One-time Password Algorithm, so 3rd party generator apps may be used for the code. Dropbox specifically mentions Google Authenticator (used for Google's 2FA on their services), Amazon's AWS (Amazon Web Services) MFA (Multi-Factor Authentication) for Android, and Microsoft's the 3rd party Authenticator app for Windows Phone 7.

Comment  | 
Print  | 
More Insights
Hot Topics
2
Stand-Alone SSD Vendors: A Vanishing Breed
Howard Marks, Network Computing Blogger,  7/10/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
Video
Slideshows
Twitter Feed