February 27, 2021

Online Security: Dropbox Adds Two-Step Verification to Make Your Account More Secure

Note: The new feature is now rolling-out and will be available to all users in the next few days.

From VentureBeat:

Just weeks after another security breach, cloud storage company Dropbox has added a two-step verification process to help make user accounts more secure.

Dropbox has experienced three high-profile instances of security problems in the past year or so, with the latest instance concerning usernames and passwords being stolen from other websites and their accounts accessed. In response to the latest incident, Dropbox promised it would add “two-factor authentication.” This means you need two proofs of identity, such as your user password and a code sent to your phone, to gain access to your account.

“Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account,” Dropbox writes. “Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.”

More From the The Verge:

You’ll need to download the latest beta version of the desktop software to try the feature out. Once you do, visit this link to activate yourself in the beta, and follow the steps to turn on two-step authentication. Just like Google’s popular version of the security feature, you receive the codes via text message or an authenticator app that uses Time-based One-Time Password (TOTP) protocol (e.g. Google Authenticator).

From PC World:

Dropbox users have reported a few problems on the company’s forum, but were generally positive. Dropbox employee “Dan W.” wrote on the forum that since SMS codes expire in about a minute, the company is working to make SMS deliveries faster, as well as adding new carriers.

“In the meantime, if SMS delivery is slow, I recommend using an offline app instead,” he wrote.

Dropbox is also working on a feature for users to “untrust” their current browser or all other browsers, which would mean a code would be required upon the next attempted login. Dan W. wrote that “in the meantime, for testing purposes, you can untrust a computer by deleting Dropbox cookies.”

About Gary Price

Gary Price (gprice@mediasourceinc.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. Before launching INFOdocket, Price and Shirl Kennedy were the founders and senior editors at ResourceShelf and DocuTicker for 10 years. From 2006-2009 he was Director of Online Information Services at Ask.com, and is currently a contributing editor at Search Engine Land.

Share