Dropbox offers 2-step verification
If you want to keep your online accounts safe on the Internet from all those hacking threats, phishing and malicious software, one of the best options to do so comes in the form of 2-step verification. This system adds a second layer of authentication to the sign-in or connection process to effectively protect accounts against many forms of attacks. An attacker would not only need to have access to the account username and password, but also to the security code that is generated after username and password have been entered on the sign in page.
Companies use a variety of 2-step authentication methods. PayPal for instance uses a hardware device that displays a code when you activate. Other companies like Google or Facebook may send verification codes to a registered email address, or provide you with an authentication app that you run on your mobile phone.
Users of the Dropbox file synchronization service up until now did not have an option to add this second layer of security to their account. A new experimental build that was posted today on the official forum of the service changes that. The build enables 2-step verification in the Dropbox client that users install on their system to synchronize files between the local system and the online storage.
You need to open a custom url on the Dropbox website to activate the 2-step authentication feature itself before it becomes available when you log in on the Dropbox website or from a computer the Dropbox client is installed on. This url is only available through this link, and not (yet) available on the primary security page.
The link opens the Security configuration page on the Dropbox website. Locate the new 2-step verification entry on the page (near the bottom) and click on the change link next to it to launch a wizard that walks you through the steps of enabling the feature.
Dropbox supports two different methods when it comes to generating the security code. You can first select to receive codes by SMS sent to your mobile phone, or run a third-party authenticator application on your mobile phone instead to generate the code using the app. Dropbox supports multiple apps that are available for Android, iPhone, BlackBerry and Windows Phone smartphones.
If you prefer to receive the security code by text message, you need to enter your mobile phone number on the next page of the setup. Dropbox sends a code to the phone number to verify the phone. You need to type in the security code during setup to complete the process and verify the mobile phone number that you have entered.
You need to install one of the supported mobile apps if you select this option instead. Once it is installed on your phone you are asked to scan a barcode with your phone or enter a code manually in the app to set it up correctly. The correct setup needs to be verified as well by generating a code in the app and entering it on the setup page on the Dropbox website.
Dropbox displays a backup code then regardless of the method that you have selected. This backup code can be used to recover the account if you do not have access to your mobile phone anymore.
With the feature enabled, everyone who is trying to log in to your account on the Dropbox website will be asked to enter the security code before access to the account is granted. The same happens during installation of the Dropbox client on a new computer that you link to the account. Note that this only happens the first time you connect the client to the account, and not on consecutive log ins.
Two-step authentication improves the Dropbox account security making it a recommended feature for all security-conscious users of the service. It is likely that the next stable release will include the feature so that it becomes available for all users of the service.