Security Awareness Blog

Dropbox Gets Two-Factor Authentication Right

Dropbox is the 800-pound gorilla of the Cloud world, so they are the target when they do things wrong, as I and others have pointed out in the past. But let's also commend them when they do things right. Last week Dropbox enabled two-factor authentication for their users and I've been trying it out. I really like it; they kept it very simple. Instead of developing their own process, they simply looked around the community and copied who they felt had the best public implementation of two-factor authentication: Google.

What Dropbox has done is give you several options for how to authenticate, including the standard SMS messaging to your phone. However, they also give you the option to use Google Authenticator, so if you already have two-step verification with Google, you are 95% there with Dropbox. Also, they use the same term as Google, two-step verification. Two-factor authentication is the more precise or proper term, but comes off as technical. Two-step verification is easy to understand, perfect for the Ordinary Computer User. I find it very simple to use and encourage anyone who has the option to enable it.

Personally, I hope any and all online services move to this same true two-factor authentication option (Facebook, Twitter, heck - perhaps even my bank?).