Dropbox two-step verification final released
Dropbox just three days ago launched the two-step verification feature as a beta for users of the cloud synchronization service that added another layer of security to the sign in process both on the Dropbox website and when connecting new clients on desktop systems.
The company today made two-step verifications available for all users of its service. You can head over to your Dropbox account right now to activate the feature if you want. For that you need to click on your name located in the top right corner of the account screen after you have logged in and select Settings from the context menu there.
On the settings menu select the Security tab and locate the Account sign in module near the bottom of the page. It is located below the my devices and web sessions listings.
A click on the change button loads the wizard that walks you through the configuration of the security feature. Please note that you either need to verify a mobile phone using its number in the process, or install and work with mobile phone apps that are available for Android, iPhone, BlackBerry or Windows Phone smartphones.
If you select the text messaging option, you will receive an SMS whenever you try to log in on the Dropbox website or connect a new Dropbox client to the cloud hosting service. You need to enter that code during log in after you have entered your username and password. The mobile phone app works similar, only that it will generate the code that you then need to enter during log in.
An attacker trying to get into your Dropbox account would therefor not only need your username and password, but also your mobile phone, or at least the code that is generated to do so.
Dropbox has not updated the client yet, and it seems as if an update is not required to enable the two-step verification feature at all.
One of the reasons why Dropbox may push the feature that much was a recent attack on an employee's account that resulted in the leaking of a file with user information that were promptly abused to send out spam messages.Advertisement