Dropbox two-step verification final released - gHacks Tech News

Dropbox two-step verification final released

Dropbox just three days ago launched the two-step verification feature as a beta for users of the cloud synchronization service that added another layer of security to the sign in process both on the Dropbox website and when connecting new clients on desktop systems.

The company today made two-step verifications available for all users of its service.  You can head over to your Dropbox account right now to activate the feature if you want. For that you need to click on your name located in the top right corner of the account screen after you have logged in and select Settings from the context menu there.

On the settings menu select the Security tab and locate the Account sign in module near the bottom of the page. It is located below the my devices and web sessions listings.

dropbox two step authentication

A click on the change button loads the wizard that walks you through the configuration of the security feature. Please note that you either need to verify a mobile phone using its number in the process, or install and work with mobile phone apps that are available for Android, iPhone, BlackBerry or Windows Phone smartphones.

If you select the text messaging option, you will receive an SMS whenever you try to log in on the Dropbox website or connect a new Dropbox client to the cloud hosting service. You need to enter that code during log in after you have entered your username and password. The mobile phone app works similar, only that it will generate the code that you then need to enter during log in.

An attacker trying to get into your Dropbox account would therefor not only need your username and password, but also your mobile phone, or at least the code that is generated to do so.

Dropbox has not updated the client yet, and it seems as if an update is not required to enable the two-step verification feature at all.

One of the reasons why Dropbox may push the feature that much was a recent attack on an employee's account that resulted in the leaking of a file with user information that were promptly abused to send out spam messages.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. John said on August 29, 2012 at 1:15 pm
      Reply

      It’s nice to see that leading companies in their respective verticals are giving users the perfect balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim this make things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I’m hoping that more companies start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.

    2. 2StepWorry said on September 3, 2012 at 11:05 pm
      Reply

      Thanks for the clear explanation.

      I’m currently assigned to a project *** outside the U.S. ***,
      but would like to turn ON “2-step verification”
      with each:
      Dropbox, Gmail, LastPass, etc.

      Q1:
      Will Google (or anyone else) charge you $$$,
      to receive the code via an SMS text message
      to a cell phone in a non-US country?

      Q2:
      How reliable and fast is receiving the SMS code in your cell phone,
      in a non-US country? Always 100% ?

      Does it take seconds or minutes
      after you enter the regular password on your Desktop PC?

      Also, what if the SMS message
      does not arrive at all…?

      Concerned about reliability
      if I turn 2-step verification on…
      Thanks for any guidance…

      1. Martin Brinkmann said on September 3, 2012 at 11:30 pm
        Reply

        1. You need to ask that your provider, can’t say
        2. Can’t say, but I never had a issue receiving SMS
        3. Most of the time less than a minute. Sometimes, it took really long, like 30 minutes or longer.
        4. If the SMS does not arrive, you can ask for a resend.

        1. 2StepWorry said on September 3, 2012 at 11:36 pm
          Reply

          Thank you for your answers, Martin.

    Leave a Reply