Several weeks after announcing that some of its users’ log-ins and passwords had been stolen, file storage company Dropbox announced it has added a two-step authentication process over the weekend to help reinforce the security of its users’ accounts.
The added layer of security is currently optional; users who opt in can turn it on from the ‘Security’ section of their ‘Settings.’ From there, users have the option to enable two-step verification by re-entering their password and choosing whether they’d like to receive their security codes by text message or via a mobile app. For users who elect to receive codes by text message, the company will send a security code to the user’s phone, which must be entered whenever accessing the site.
Users who choose the mobile app option rely on an application (akin to Google Authenticator or Amazon AWS MFA) that uses the Time-based One-Time Password (TOTP) protocol to generate its own security code, which is then entered on the site.
Users of the online storage site complained in July that emails associated with their accounts were getting increasingly bogged down with gambling and casino spam. The company went as far as to call in a team of specialists to look into the issues before admitting in August that a file containing users’ emails and passwords was swiped from the account of a Dropbox employee.
Google added two-factor authentication to its Gmail service last year before eventually expanding it to users in 40 languages in 150 countries worldwide. The authentication approach takes a few minutes longer than entering a usual password but acts as an added layer of security.