Dropbox Adds Two-Factor Authentication to Shore Up Account Security
After hackers gained access to several Dropbox accounts following a security breach, the company swore to bolster its defenses with a battery of new security-minded features. This weekend, Dropbox backed up its big talk, introducing the ability to add two-factor verification to your account.
Two-factor authentication, as the name implies, requires you to log in to your account with two pieces of information: your password and a one-time-use code sent to you via text message or an app that uses the Time-based One-Time Password (TOTP) protocol , such as Google Authenticator. If you don't have access to both pieces of information, you can't log into your account, plain and simple.
Sure, two-factor authentication can prevent hackers from gaining access to your Dropbox if they happen to come into possession of your password, but what happens if you're in an area with poor cellular reception and can't receive a text message or one-time-use code? That's where Dropbox's "Emergency Backup Code" comes in. From Dropbox's Help Center page for two-factor authentication:
Before enabling two-step verification, you'll receive a special 16-digit backup code. It is very important that you write this key down and store it somewhere safe. If you ever lose your phone or cannot receive or generate a security code, you'll need this backup code for emergency access to your Dropbox.
In other words, you really, truly don't want to lose that code. Dropbox's new two-step verification process will be added as an option to all accounts "sometime in the next few days"; if you want to add the extra security to your account today, you'll have to hit this link to sign up for the two-factor trial, then look for the option at the bottom of the Security tab section of your account settings.