Dropbox Adds 2-Factor Authentication
Category: Tablets, Smartphones, Desktop PCs, Notebooks
Dropbox has announced on their blog that they have enabled 2-factor authentication for access to Dropbox. The feature is not turned on by default.
When enabled by the user, access to the account will require the account password and a security code that will either be texted to a designated mobile phone number or generated by a mobile authenticator app (available for iOS, Android, Blackberry and Windows Phone 7).
Users can tell Dropbox to trust a particular computer, removing the need for the second factor on that system. This isn't a meaningful vulnerability, and it makes Dropbox use convenient for the user while addressing the real problem, which is access by outside 3rd parties, either through password guessing or breaches of other databases.
The security code generation is based on an open standard, TOTP: Time-based One-time Password Algorithm, so 3rd party generator apps may be used for the code. Dropbox specifically mentions Google Authenticator (used for Google's 2FA on their services), Amazon's AWS (Amazon Web Services) MFA (Multi-Factor Authentication) for Android, and Microsoft's the 3rd party Authenticator app for Windows Phone 7.
Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+: