After many of their users got spammed, Dropbox took action with a series of tactics to increase their access security. One of their main new features is optional two-factor authentication to log in. Read the full story.
They haven’t yet announced how they’ll implement two-factor authentication or how it will work. Hopefully they won’t try to invent a custom solution and will instead adopt industry standards like SAML (the Security Assertion Markup Language) and OATH HOTP, which would let them support stronger authentication mechanisms such as two-factor authentication and single sign-on from vendors like Scorpion Software.
The key point is Dropbox is finally taking a look at extending its security and trust model, and for that we congratulate them. Hopefully they will follow the trail of some of their competitors like Box.net and include SAML for their more business-focused accounts.
A side benefit is that Dropbox is showing other companies the importance of password security, and what companies can do to gain stronger identity assurance. They’re leading by example and showing the world how to protect against spammers and hackers.
We hope that in the future more businesses will adopt two-factor authentication to protect their clients and their own servers, accounts, and basically everything they do on a computer. Two-factor authentication systems like AuthAnvil Two Factor Auth add an extra layer of protection because users enter a PIN they know, along with a dynamically generated one-time password produced by an app on their smartphone, a YubiKey in their USB port, or a hardware keyfob on their key ring. That means only the right people can get in. It decreases the chances of someone going into a website and sending out spam, and also helps prevent internal problems like an ex-employee going into your server and deleting everything.
We hope Dropbox will use industry standards like SAML so our mutual customers can take advantage of their investments in AuthAnvil Password Solutions to protect their Dropbox accounts. We’re proud of Dropbox for taking this important step to protect their clients. Go Dropbox!