Early this month, popular file hosting service Dropbox confirmed an internal breach that resulted in its European users receiving spam advertising gambling websites, and announced a number of new security features – among them the introduction of optional two-factor authentication.
Less than a month later, this security measure has been introduced for early adopters.
“Two-step verification adds an extra layer of protection to your account by requiring an additional security code that is sent to your phone by text message or generated using a mobile authenticator app,” explained a Dropbox employee on the service’s forum.
To enroll, users are required to enable two-step authentication on their accounts and to download the latest forum build version (1.5.12) of the Dropbox client.
Receiving SMS-based six-digit security tokens might still be difficult for users outside the US, as delivery depends on whether their own mobile providers deliver international messages.
“We’re working hard on adding more carriers, but in the meantime, using the offline app instead of SMS is best,” a Dropbox employee wrote.
The offline app will be familiar to all users who have enabled two-factor authentication for their Gmail account and are using the Google Authenticator app. Other applications that can be used are Authenticator (for Windows Phone 7 users) and Amazon AWS MFA (for Android users).
And just in case users lose their smartphones or are unable to obtain the codes in a timely fashion, they will be provided, upon setting up two-factor authentication, with a 16-digit backup code they can use to unlock their account.