One of the solutions that companies came up with to fight against hacking attempts is the so called 2-step verification. Companies like Google, Blizzard, PayPal or Facebook have added 2-factor authorizations to their services that users can opt-in to. What this basically does is add a second layer of verification to the login process. Instead of just signing in with your username and password, you are asked to supply another code that is either generated with the help of a hardware device, like the Verisign Identity Protection keys that PayPal uses, or by sending a generated code to a registered mobile phone number.
And now it is Dropbox that has added two-step verifications to its file synchronization and hosting service. The service is only available if you have installed the experimental build 1.5.12 which you can download from the Dropbox forums for all supported operating systems.
Once you have downloaded and installed the latest version you need to visit the Try Two-Factor authentication page on the Dropbox account page.
Locate the Account sign in part on the page and there the Two-step verification entry. It should say disabled, and you need to click on change to enable the new feature. You will see the following information pop up on the screen.
You are asked to enter your Dropbox account password again when you click on Get started. Please note that mobile phone is just one of the options that you have to enable two-step verification for your account.
As you can see, you can select to get the security codes sent to your mobile phone, or use an authenticator app instead. Dropbox at the time of writing supports Google Authenticator, Amazon AWS MFA and Authenticator for Windows Phone 7.
If you select mobile phone, you are asked to enter a mobile phone number on the next page. The majority of countries, if not all, seem to be supported. You will receive an SMS afterwards with a code that you then need to enter on the next page to complete the setup of the two-step verification security feature.
You will also get an emergency backup code that you need to write down. I have added it as a note to the Dropbox entry in the password manager KeePass for safe keeping.
Two-step verification kicks in when
You can disable the authentication improvement on the security tab page of the Dropbox website again at any time.
It is very likely that the feature will be integrated in the next stable version of the Dropbox client software. (via Caschy)
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.