Following the unauthorised access of some of its users’ usernames and passwords back in July, the team at Dropbox had vowed to improve the security of their file-synchronisation service by introducing two-factor authentication. The good news is that the feature has now been switched on and you can enable it on your account for beta testing.
By switching on two-factor authentication, you will now be able to add your devices to a whitelist, authenticate them to access your Dropbox account and (hopefully) reduce the chances of an attacker gaining access to your important files.
In order to do so, you need to make sure that you have the latest beta version of Dropbox (1.5.12) installed, which can be obtained from here. Next, visit the Dropbox security page (when signed in) and enable the two-factor authentication feature right at the very bottom.
Once it is set up, you will be able to receive unique access codes via SMS, or via an app that implements the Time-based One-Time Password (TOTP) algorithm, such as Google Authenticator (Android/iPhone/BlackBerry), Amazon AWS MFA (Android) and Authenticator (Windows Phone 7).
If you’ve already switched on two-factor authentication on your Google account, it will all be very familiar.
You might be asking why Dropbox has decided to roll this out now. Back in July, it emerged that a number of users were receiving spam on accounts that were only used for Dropbox purposes. The company did some investigating and found that some users’ credentials had been leaked on a third-party website, one set of which belonged to a Dropbox employee.
Using the Dropbox employee’s login details, the attackers had been able to gain access to another list of users, who then started to receive spam and unsolicited mail.
Given the nature of the files that some Dropbox users store on their accounts (payment details, passwords and other sensitive information), the company was quick to state that it would roll out the new security feature to make it harder for attackers to gain access to other users’ accounts.
Dropbox will be rolling this out to all accounts via an app update in the very near future, but if you want to try it now you can do so using the steps noted above.
[Image Credit: Johanl]