Dropbox recently announced the addition of two-step verification as an option for all accounts.
"In July, the company pledged to the move after a bunch of its customers had their accounts hijacked and used to send vast quantities of spam for gambling websites," writes The Register's Iain Thomson. "Dropbox blamed the security slip on a staffer reusing his work password on a website that had been hacked, and promised to beef up its security systems."
"Two-step verification adds an extra layer of protection to your account by requiring an additional security code that is sent to your phone by text message or generated using a mobile authenticator app," Dropbox engineer Jie Tang explained in a forum post.
"The added layer of security is currently optional but can be selected after users opt in, then check the 'Security' section of their 'Settings,'" writes Threatpost's Christopher Brook. "From there, users have the option to enable two-step verification by re-entering their password and choosing whether they’d like to receive their security codes by text messages or via a mobile app."
"Two-factor authentication that forces you to enter a per-transaction or per-session code -- loosely speaking, a password that is used once and never again -- is slightly less convenient for you, but very much less convenient for cybercrooks," writes Sophos' Paul Ducklin. "2FA even protects you from yourself, in the event that you inadvertently use the same password on more than one site, or get infected by key-logging malware."