Dropbox two-step verification final released
Dropbox just three days ago launched the two-step verification feature as a beta for users of the cloud synchronization service that added another layer of security to the sign in process both on the Dropbox website and when connecting new clients on desktop systems.
The company today made two-step verifications available for all users of its service. You can head over to your Dropbox account right now to activate the feature if you want. For that you need to click on your name located in the top right corner of the account screen after you have logged in and select Settings from the context menu there.
On the settings menu select the Security tab and locate the Account sign in module near the bottom of the page. It is located below the my devices and web sessions listings.
A click on the change button loads the wizard that walks you through the configuration of the security feature. Please note that you either need to verify a mobile phone using its number in the process, or install and work with mobile phone apps that are available for Android, iPhone, BlackBerry or Windows Phone smartphones.
If you select the text messaging option, you will receive an SMS whenever you try to log in on the Dropbox website or connect a new Dropbox client to the cloud hosting service. You need to enter that code during log in after you have entered your username and password. The mobile phone app works similar, only that it will generate the code that you then need to enter during log in.
An attacker trying to get into your Dropbox account would therefor not only need your username and password, but also your mobile phone, or at least the code that is generated to do so.
Dropbox has not updated the client yet, and it seems as if an update is not required to enable the two-step verification feature at all.
One of the reasons why Dropbox may push the feature that much was a recent attack on an employee's account that resulted in the leaking of a file with user information that were promptly abused to send out spam messages.
Advertisement
Thanks for the clear explanation.
I’m currently assigned to a project *** outside the U.S. ***,
but would like to turn ON “2-step verification”
with each:
Dropbox, Gmail, LastPass, etc.
Q1:
Will Google (or anyone else) charge you $$$,
to receive the code via an SMS text message
to a cell phone in a non-US country?
Q2:
How reliable and fast is receiving the SMS code in your cell phone,
in a non-US country? Always 100% ?
Does it take seconds or minutes
after you enter the regular password on your Desktop PC?
Also, what if the SMS message
does not arrive at all…?
Concerned about reliability
if I turn 2-step verification on…
Thanks for any guidance…
1. You need to ask that your provider, can’t say
2. Can’t say, but I never had a issue receiving SMS
3. Most of the time less than a minute. Sometimes, it took really long, like 30 minutes or longer.
4. If the SMS does not arrive, you can ask for a resend.
Thank you for your answers, Martin.
It’s nice to see that leading companies in their respective verticals are giving users the perfect balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim this make things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I’m hoping that more companies start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.