Several weeks after announcing that some of its users’ log-ins and passwords had been stolen, file storage company Dropbox said it added a two-step authentication process over the weekend to help reinforce the security of its users’ accounts.

The added layer of security is currently optional; users who opt in can turn it on from the ‘Security’ section of their ‘Settings.’ From there, users can enable two-step verification by re-entering their password and choosing whether they’d like to receive their security codes by text message or via a mobile app. If users elect to receive codes by text message, the company will send a security code to the user’s phone, which must be entered whenever accessing the site.

Users who choose a mobile app rely on an application (akin to Google Authenticator or Amazon AWS MFA) that uses the Time-based One-Time Password (TOTP) protocol to generate its own security code, which is then entered on the site.

Users of the online storage site complained in July that emails associated with their accounts were getting increasingly bogged down with gambling and casino spam. The company went as far as to call in a team of specialists to look into the issues before admitting in August that a file containing users’ emails and passwords was swiped from the account of a Dropbox employee.

Google added two-factor authentication to its Gmail service last year before eventually expanding it to users in 40 languages in 150 countries worldwide. The authentication approach takes a few minutes longer than entering a usual password but acts as an added layer of security.


Comments (2)

  1. Henry


    It would be nice to see more of the leading companies in their respective verticals start giving us users the perfect balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim that 2FA makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I’m hoping that more companies start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.


  2. Anonymous

    The app can be used offline if the time sync is perfect, but you need to synch it often.

