h-online: Cloud backup provider Dropbox says it has begun a public test of two-factor authentication for its service. Dropbox had announced it would start offering the security measure after the service experienced a data leak at the beginning of the month.
Users who activate two-factor authentication will have to enter a security code after logging in with their username and password. The security code can only be used once and is sent to the user’s mobile phone in a text message. To generate security codes, users can also use a variety of smartphone applications such as Google Authenticator. Details of the process are given on the two-step verification help page.
Two-factor authentication protects a user’s account even when an attacker gains access to the account password. The second factor, in this case the user’s mobile phone, which receives or generates the security code, is needed to take over the account. When activating two-factor authentication on Dropbox, the user also receives a 16-character emergency code that can be used if the user loses their mobile phone or runs into problems with the code generator. The emergency code should be kept in a safe place, out of the reach of hackers. It would be prudent not to store it in the same place as the Dropbox account password. Web sites that have been using two-factor authentication for a while include Google and Facebook.
Users who want to take part in the test of two-factor authentication have to explicitly activate the security feature for their Dropbox account and install the experimental version 1.5.12 of the Dropbox client. The current versions of the Dropbox smartphone applications for Android and iOS are already usable with the experimental feature.