[ISN] Dropbox Two-Factor Authentication Has Kinks, Users Say

From: InfoSec News <alerts_at_private>
Date: Tue, 28 Aug 2012 03:50:49 -0500 (CDT)

http://www.informationweek.com/security/application-security/dropbox-two-factor-authentication-has-ki/240006269

By Mathew J. Schwartz
InformationWeek
August 27, 2012

Dropbox is making two-factor authentication available to some users as 
part of a beta test that's meant to shake down the new service.

The feature's debut--for self-selected early adopters--involves 
installing and running an "experimental build" version of the Dropbox 
software, released Friday, for their Windows, Mac OS X, or Linux PC. The 
feature had been previewed by Dropbox's VP of engineering, Aditya 
Agarwal, last month, after an investigation conducted by Dropbox into a 
spam campaign against its users was ultimately traced to passwords that 
had been reused by Dropbox users on other sites, from which the 
credentials had been stolen.

But Dropbox also found that one password-reuse culprit was in fact a 
Dropbox employee, who'd stored--unencrypted--a copy of some Dropbox 
users' email addresses in his Dropbox account, which an attacker then 
accessed and downloaded. In the wake of that breach, some security 
experts had recommended that all Dropbox users treat any data they 
uploaded to the service as publicly accessible.

As of Friday, however, Dropbox users can make it more difficult for 
attackers to access their stored items, by using the "enable two-step 
verification" feature now displayed on the security tab of their account 
pages. The sign-up page states: "Two-step verification adds an extra 
layer of protection to your account. Whenever you sign in to the Dropbox 
website or link a new device, you'll need to enter both your password 
and also a security code sent to your mobile phone." Instead of 
receiving text messages with a one-time log-in password, however, 
Dropbox users can choose to use a mobile app.

[...]
Received on Tue Aug 28 2012 - 01:50:49 PDT
