Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Dropbox Adds 2-Factor Authentication

Dropbox has announced on their blog that they have enabled 2-factor authentication for access to Dropbox. The feature is not turned on by default.

When enabled by the user, access to the account will require the account password and a security code that will either be texted to a designated mobile phone number or generated by a mobile authenticator app (available for iOS, Android, Blackberry and Windows Phone 7).

Users can tell Dropbox to trust a particular computer, removing the need for the second factor on that system. This isn't a meaningful vulnerability, and it makes Dropbox use convenient for the user while addressing the real problem, which is access by outside 3rd parties, either through password guessing or breaches of other databases.

The security code generation is based on an open standard, TOTP: Time-based One-time Password Algorithm, so 3rd party generator apps may be used for the code. Dropbox specifically mentions Google Authenticator (used for Google's 2FA on their services), Amazon's AWS (Amazon Web Services) MFA (Multi-Factor Authentication) for Android, and Microsoft's the 3rd party Authenticator app for Windows Phone 7.