26
Aug
thumb

Several weeks ago, Dropbox suffered a small security breach that gave wrong-doers access to a few unlucky users' email addresses. On the good side, it also brought the vulnerability to the Dropbox staff's attention. Since then, they've been working hard to beef up security, and today, they introduced two-step verification.

2012-08-26_18h06_12

Much like Google's two-factor authentication, once enabled this requires you to login using two different sets of verification: your password and a unique identifier sent in either a text message or generated locally on the device using the authenticator app (which you have the option to get via QR during the set up process).

2012-08-26_18h06_56

After you receive and enter the six-digit code, it will generate a super-strong, 16-digit alpha-numeric passphrase that is required to disable two-step verification in case you ever lose your phone/tablet/laptop... whatever. Keep that in a safe place (read: not in a notepad file stored in your Dropbox folder).

Once all that's finished, you'll need to enter your password and a unique code that will be sent to your phone each time you set up Dropbox on a new device. Yay for security!

In order to set it all up on your account (which we highly recommend) head right here and jump to the bottom of the page. Enjoy.

[via Labnol]

Cameron Summerson
Cameron is a self-made geek, Android enthusiast, horror movie fanatic, and musician. When he's not pounding keys here at AP, you can find him spending time with his wife and kids, plucking away on the 6- or 7-string, or watching The Texas Chainsaw Massacre on repeat.

  • zac

    How many gb free we getting by using that link?.. haha

    • http://www.androidpolice.com/ Artem Russakovskii

      What link? There's no ref link here.

    • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

      Doesn't anyone find that joke funny? :-D

      I did!

  • Stormprobe

    You can't be reactive when it comes to security, you have to be proactive. Apparently Dropbox takes the reactive approach. So they will probably wait for another breach before they address another security hole.

    • http://www.androidpolice.com/ Artem Russakovskii

      How do you know this though? Who said that Dropbox hasn't been putting security enhancements in on the backend and client sides? I'm sure they're both proactive and reactive about security. You do still expect them to react to breaches, right? You just can't know if they're proactive because they don't publicize every under-the-hood enhancement they make.

    • John

      Wow. Not even worth commenting on. Too easy.

    • FrillArtist

      He has a point. Two step verification is a basic feature that should have been implemented a long time ago.

      • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

        But it's better late than never though.

  • Jaymoon

    Set it up to use with Google Authenticator, and everything went smoothly. Yet all my apps/browsers/etc are still logged in. Curious why it wouldn't force this new method of logging in once it's enabled. I guess it won't matter for new devices that I log in to, but still...

    EDIT: Ah, clients need to be updated to support 2FA. Well then that explains it. :)

  • John

    Really excited for this! Google, Lastpass, now dropbox all using 2 step. Makes me a happy nerd.

  • http://twitter.com/zackeryfretty Zackery Fretty

    I keep getting a "Sorry, an error occurred. Please try again later" error.

  • Jasper

    It would be
    nice to see more of the leading companies in their respective verticals start
    giving us users the perfect balance between security and user experience by
    implementing 2FA which allows us to telesign into our accounts. I know some
    will claim that 2FA makes things more complicated, but the slight inconvenience
    each time you log in is worth the confidence of knowing your info is
    secure. I'm hoping that more companies
    start to offer this awesome functionality. This should be a prerequisite to any
    system that wants to promote itself as being secure.

  • http://www.facebook.com/profile.php?id=1745689461 Hal Motley

    Isn't this method similar to Steam?