Dropbox Two-Step Verification Security Available For Testing, And Security Experts Are Already Criticizing It

Monday, August 27, 2012 11:39

Tags: privacy; security

Dropbox users now have the option to make it more difficult for attackers to access their stored items. The added layer of security prompts users to enter their cell phone number on the website, receive a six-digit numeric code, and then enter that code back into Dropbox, which then assigns users a unique 16-digit password, according to InformationSecurity Week.



Security experts are already criticizing the app because, among other things, if you ever lose your phone, you'll need the 16-digit emergency backup code to disable two-step verification and access your account.
 
Dropbox is incredibly convenient for sharing pictures and other information, and it is free – until you store more than a certain amount of data. But its security features have been criticized.
 
Last month, one of the company’s own employees had his Dropbox account hacked after he used the same password on multiple sites as well as for his Dropbox accounts. The employee reportedly had stored the email addresses of some Dropbox users unencrypted in his account, which the hackers then accessed and used to conduct a spam campaign.
 
In June 2011, Dropbox mistakenly left all user accounts open with no password protection whatsoever for four hours.
 
You can try out the new two-step verification feature by clicking on a link displayed on the security tab of your Dropbox account and downloading a new version of the app. You’ll have to use a two-step verification code whenever you want to log into the Dropbox site or enable the app on a new computer.
 
My company, Advisor Products, makes a document vault for advisors that has stiff security requirements. So I am conflicted in covering this issue. But my conflict also gives me a good understanding of the issues from an advisor's point of view, where protecting clients' privacy and data is of utmost importance. Basically, the issue comes down to this: Adding credible security to any consumer app makes the app more difficult to use. Advisors and clients need to reset their expectations if they hope to balance ease of use with security.

 
