Dropbox Introduces Two-Step Security Authentication
Popular cloud-based storage site Dropbox adds two-step authentication in an effort to beef up security.The online storage and file-sharing site Dropbox is rolling out two-step security authentication in the wake of high-profile security breaches affecting Dropbox users and other cloud-based companies. The company announced the news via one of its community tech forums. Two-step verification, offered by sites like PayPal, adds an extra layer of protection to an online account by requiring an additional security code that is sent to the user's phone by text message or generated using a mobile authenticator app. "We'd like to give our loyal forum viewers a chance to try it out first," the post said. Once enabled, Dropbox will require a six-digit security code in addition to the user's password whenever they sign in to Dropbox or link a new computer, phone or tablet. Dropbox gives users the option of using a third-party authenticator application, with support for apps on Google Android, Apple iOS, BlackBerry and Microsoft Windows Phone devices. For security reasons, users will then be asked to re-enter their password to confirm the decision to enable two-step verification. Once this is done, the user is given the choice to receive the security code by text message or to use the aforementioned mobile apps.
If users choose to receive the security codes by text message, whenever they successfully sign in to Dropbox using their password, a text message containing a security code will be sent to their phone. For mobile apps, any app that supports the Time-based One-Time Password (TOTP) protocol should work, including Google Authenticator (for Android devices, iPhone and BlackBerry smartphones), Amazon Web Services (AWS) Multi-Factor Authentication (MFA) (for Android), and Authenticator (Windows Phone 7). Before enabling two-step verification, users receive a special 16-digit backup code.