May 28, 2020

Dropbox adds another layer of security

(LiveHacking.Com) – Dropbox has added the option for users to activate two-factor authentication when accessing the cloud-based storage service from the web or from a desktop/mobile device. The move comes after a recent security incident where spammers got hold of the email addresses of some Dropbox users. After an investigation Dropbox blamed the security failure on an employee who reused his work password on a website that had been hacked.

With the new two-step authentication, a security code is needed to log in along with the normal username and password. The security code is issued by a mobile authenticator app (available for iOS, Android, Blackberry and Windows Phone 7) or sent by SMS to the user’s phone.

To use the new security layer, go to the Security tab in your Dropbox account settings and enable two-step verification in the “Account sign in” section. To confirm the action, you will need to re-enter your password. You can then choose to receive the security code by text message or by using a mobile app.

Dropbox supports any app that uses the Time-based One-Time Password (TOTP) protocol, including the following:

For those worried about the “inconvenience” aspect of enabling the extra step during authentication, fear not! On the desktop or when using a mobile app, you will only need the code the first time you sign in. For web access there is also the option to mark a computer/browser as trusted, meaning you won’t need to re-enter a code again (unless you delete your cookies).

Dropbox has also added a way for users to check all recent account logins; like the two-factor authentication settings, this is on the Security tab. Further setup instructions are also available in the Dropbox Help Center.

World’s First USB Based Two-factor Authentication for Email

(LiveHacking.Com) – Swiss Hacker GmbH, a Swiss IT security company that offers its services via a SaaS model, has launched Secure Mail Key (SMK), a two-factor authentication email solution. Using the supplied USB key (which works with Windows, OS X and Linux), SMK have developed a secure messaging solution to protect sensitive emails from hackers. The traditional single-factor authentication method of username and password is inadequate to protect sensitive commercial or military information. By using social engineering, keyloggers, man-in-the-middle attacks or phishing attacks it is possible to discover and exploit users’ passwords.

However, with a two-factor authentication system the second authentication factor (normally a PIN or token generated by an external device) needs to be entered for successful login. With SMK the second factor is automatically generated by the supplied USB key. Simply pressing the button on the key causes the device to generate a unique one-time password which is automatically filled into the relevant field on the login page.

Google introduced optional two-factor authentication for its Gmail service earlier this year. Having entered your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iOS device. However, Google’s services only use SSL during the login phase. SMK, however, use a secure connection end to end via Cloudflare.

Other benefits of SMK include:

  • Military grade encryption
  • Govt. approved: DOD, ANSI standard and tested by over 1000 hackers
  • No keylogger, virus or phishing attacks are possible