The ways users’ data is compromised by malicious parties are advancing at a very fast pace today, but the way we set our passwords and log in to services is still very much stuck in the past. The general assumption is still the same: that the complexity of a password (multiple unique symbols, numbers, upper and lower case letters) is proportional to its security. Password-guessing algorithms now take these patterns (using ‘@’ instead of ‘a’, randomly capitalizing letters, etc.) into consideration, which means we need to change the way we set our passwords, and perhaps even add an extra layer of authentication when signing in to online services.
These days, the accepted form of extra authentication is two-step verification: you sign in to a service with your username and password, and the service then sends a verification code to your phone that you have to enter online to finally log in. Facebook and Gmail are popular examples of services that use this feature, and now Dropbox – one of the most popular cloud syncing and storage services – has jumped on the two-step verification bandwagon.
Enabling the feature is a piece of cake. Log in to your account on the Dropbox website, click on your name in the top right corner, go to Settings > Security > Account sign in and change Two-step verification to Enabled. Then, you can choose to have the verification code sent to your mobile phone or to use a mobile app.
If you have a smartphone, we recommend you use the latter method since it will work even if you don’t have coverage from your wireless carrier. Download Google Authenticator from the App Store for iOS, or the Google Play Store for Android, launch it, tap on the + symbol, choose time-based token and then scan the barcode that Dropbox shows you when you choose mobile app from Settings.
Once that’s done, you will be asked to enter a verification code every time you log in from a computer that isn’t recognized by Dropbox.
Two-step verification is an excellent way of significantly enhancing the security of your online accounts. Here’s hoping other sensitive services like Twitter and iTunes introduce the feature too in the near future.