Dropbox’s New Mobile Two-Factor Authentication Is a Step in The Right Direction—Or Is It?
Cybersecurity is a massive concern in today’s world of hackers and malware—And cloud-based storage platforms are certainly not immune to attack. While two-factor authentication is prevalent in a variety of spaces, Dropbox only recently rolled out an update to their mobile app that includes this enhanced security feature.
People have accepted two-factor authentication because it’s an easy way to validate a login on a website–And in today’s busy world, we loath any additional steps that require effort on our part.
Unfortunately, the paradox is that the easier two-factor is for us, the more likely hackers will be able to crack the code and maliciously access our accounts.
What is Two-Factor Authentication?
Two-factor authentication can be especially helpful when you’re logging in from a new device or one that you’re only using for a short period of time. With this updated functionality, Two-factor authentication employs SMS text messages with a verification code.
Dropbox provides us with a simple and highly secure mechanism for authentication that doesn’t require an active cellular connection. Instead of generating their own authentication, Dropbox has elected to use several well-known selections, including Google Authenticator for iPhone/Blackberry/Android, Duo Mobile for iPhone/Android and Authenticator, found on Windows Phone 7. You can quickly activate this added security measure by scanning a barcode or entering a time-based token into the apps.
Cross-Platform Validation
Dropbox’s implementation of two-factor authentication slightly differs from others in that you use your mobile app to validate access from a desktop platform. Along with in-app notifications and SMS text messages, it offers a backup option that allows the flexibility to add backup phone numbers as insurance against the loss of the primary device.
Dropbox enabled a new option— If you lose your phones or otherwise can’t receive codes via SMS, voice call, or Google Authenticator you can use backup codes to sign in. The codes will be sent to you in sets of 10, and you can generate a new set at any point, automatically making the old set inactive. In addition, after you’ve used a backup code to sign in, it will become inactive.
Cybersecurity Risks
It’s important to note that two-factor authentication isn’t a single technology. It’s simply a way of referring to a class of authentication options that varies greatly in its ability to protect accounts. There are true limits to the power of this technology, as dedicated hackers find it relatively easy to bypass a poorly implemented or weak two-factor authentication.
Hackers continually look for ways around two-factor authentication. They infiltrated Bitcoin’s security in 2014 by intercepting software tokens to recover account information. There are plenty of other examples of failed two-factor authentication—One of the most recent when Russian groups targeted U.S. voters by harvesting confirmation codes.
One of the limiting factors for the success is the wireless carrier themselves—If hackers can penetrate providers such as AT&T, Sprint and Verizon, they can hijack or spoof-text messages directed to that phone.
While introduced in 2012 as an effective method to prevent account takeovers, two-factor authentication is still a controversial topic. This technology is one of the most-used options for securing personal accounts—However, it still may not offer the level of security that we would expect.
The Benefits for Dropbox
The security key used for two-factor authentication is only supported in Google’s Chrome browser. Dropbox hopes that it will bolster security and foil would-be attackers by bypassing spoof sites and phishing schemes to gather a user’s login, password and verification codes. When hackers use this information to access your account, they’re gaining full access to your digital life.
The tendency for individuals who use cloud-based storage to maintain everything in one location is a lodestone for unscrupulous individuals— They can steal enough personal information to create unapproved accounts, file fraudulent tax returns, and execute many nefarious deeds.
By providing a more secure sign-in mechanism, Dropbox is clarifying their focus on security to individuals and businesses alike.
Dropbox is one of the many technology options available in the market today that can make your digital life more flexible and portable –However, keep in mind that there are definite trade-offs in security with some of these platforms.
Even the best security platforms can be compromised. Ensure that your organization’s data stays safe by working with Compunet InfoTech in Vancouver to ensure your cybersecurity meets today’s stringent standards. Contact us today at (604) 986-8170 or via info@compunet.ca.