Two-factor authentication adds an extra layer of protection to an account by requiring users to log on with a one-time additional security code that is sent to a user’s phone by text message, or generated using a mobile authenticator app. The codes expire quickly, making it much harder for a malicious entity to steal and use them.
If a user would prefer not to use SMS, apps that use the Time-Based One-Time Password protocol, such as Google Authenticator, Amazon AWS MFA or Authenticator, are also compatible and allow Dropbox enthusiasts to generate codes without paying for a text message. The OATH tool for terminal applications is also supported.
The functionality is in beta and available for any members wanting to test-drive it, but it requires the installation of version 1.5.12 of the Dropbox software, which the company is calling an experimental build. The feature can be enabled via Dropbox's website under the security tab in account settings.
Cloud-based Dropbox has become one of the most popular methods for sharing and storing large files that one may not be able to e-mail, with an increasing number of small- and medium-sized business users. The company decided to take extra security precautions after a spam scare earlier in the summer (which turned out to have been generated internally) as well as a string of high-profile thefts of user names and passwords from websites.