Dropbox has added two-factor authentication (2FA) early for 'loyal forum viewers'.
According to a forum post, the promise to deliver 2FA for Dropbox users is due to arrive during the next few days to "add an extra layer of protection to your account by requiring an additional security code that is sent to your phone by text message or generated using a mobile authenticator app". This has been given to Dropbox forum users first, with users asked to have the latest build (1.5.12) installed.
“We'd appreciate it if you would unlink and relink your account after enabling two-step verification, and report your experiences in this thread,” the post said. Support has been added for Windows, Mac OS X, Linux x86_64 and Linux x86, however users have to opt into the 2FA process by enabling it in their account settings.
In a blog post, Dropbox engineer Dan Wheeler said: “On your desktop or mobile devices, you'll only need the code the first time you sign in to Dropbox. On the web, you can also select the option to 'trust this computer' and you won't need to re-enter a code again.”
Dropbox announced the additions of the options after admitting that its accounts were recently hacked, leading to spam being sent from/to user accounts. The company announced that it was introducing 2FA and automated mechanisms to help identify suspicious activity and a new page to allow users to examine all active logins to their account.
Paul Ducklin, head of technology for Asia Pacific at Sophos, said: “Two-factor authentication that forces you to enter a per-transaction or per-session code - loosely speaking, a password that is used once and never again - is slightly less convenient for you, but very much less convenient for cyber crooks.
“Two-factor authentication even protects you from yourself, in the event that you inadvertently use the same password on more than one site, or get infected by keylogging malware. If you're a Dropbox user, why not give it a go?”