Mobile app users have a few additional options. Dropbox supports a number of different authenticator apps, including Google Authenticator for Android, iPhone, and BlackBerry; Amazon AWS MFA for Android; and Authenticator for Windows Phone 7.
The easiest way to set up an app is to fire up your authenticator app and use your phone's camera to scan the two-dimensional barcode that Dropbox provides. If you're using Google Authenticator, launch the app and click on the + button in the bottom right corner; then tap the Scan Barcode button and line up the crosshairs with the barcode Dropbox provides.
Alternatively, you can also manually enter your account's secret key by clicking on the link that Dropbox offers. Follow the same instructions as above, but instead of scanning the barcode, enter the information that Dropbox provides you into the Account and Key fields.
Once you've entered that information, the authenticator app will provide you with a six-digit code that refreshes every 30 seconds. Enter that code to verify that you've correctly linked your authenticator app with your account, and Dropbox will provide you with the 16-character backup code, which you should store someplace safe, in case of emergency (again, not in your Dropbox). Then click the Enable Two-step Verification button, and you should be ready to go.
(Advanced users also have the option to generate codes via the command-line OATH tool, but you'll likely want to leave that alone unless you're very comfortable in Terminal.)
The login line
Now, every time you log in to your Dropbox account on the Web, you'll be prompted to enter a six-digit code that you'll receive from either a text message or your mobile app. On computers where you're the only user (or where you trust all the users), you can check the Trust this computer checkbox, which means that you will not be prompted to enter a code when logging in via that computer.
Unlike Google's two-factor authentication, Dropbox doesn't require you to create application-specific passwords for every piece of software that wants to use your account. However, you can still monitor which apps are currently linked to your Dropbox by going to the Settings section of your account on the Dropbox website and clicking on My apps. You'll see a list of the programs that currently have access to your Dropbox, the level of their access, and an option to unlink any of them.
While two-factor authentication doesn't assure complete and utter security for your Dropbox account, it does make it considerably harder for an attacker to compromise your account and, by extension, your files. And while it may require a certain degree of added complexity, that's not a bad tradeoff for peace of mind.