(LiveHacking.Com) – Dropbox has added the option for users to activate two-factor authentication when accessing the cloud-based storage service from the web or from a desktop/mobile device. The move comes after a recent security incident where spammers got hold of the email addresses of some Dropbox users. After an investigation Dropbox blamed the security failure on an employee who reused his work password on a website that had been hacked.
With the new two-step authenticaton, a security code is needed to login along with the normal username and password. The security code is issued by a mobile authenticator app (available for iOS, Android, Blackberry and Windows Phone 7) or sent by SMS to the user’s phone.
To use the new security layer, go to the Security tab in your Dropbox account settings and enable two-step verification in the “Account sign in” section. To confirm the action, you will need to re-enter your password. You can then choose to receive the security code by text message or by using a mobile app.
Dropbox supports any app that uses the Time-based One-Time Password (TOTP) protocol, including the following:
- Google Authenticator (Android/iPhone/BlackBerry)
- Amazon AWS MFA (Android)
- Authenticator (Windows Phone 7)
For those worried about the “inconvience” aspect of enabling the extra step during authrenication, fear not! On the desktop or when using a mobile app, you will only need the code the first time you sign in. For web access there is also the option to mark a computer/browser as trusted, meaning you won’t need to re-enter a code again (unless you delete your cookies).
Dropbox have also added a way for users to check all recent account logins, like the two-factor authentication settings, this is on the Security tab. Further setup instructions are also available in the Dropbox Help Center.