Dropbox To Adopt Two-Factor Authentication After Spam Campaign

By Ken Presti
August 01, 2012    4:42 PM ET

Dropbox promises to take action after an employee's stolen password was used in the theft of hundreds of customer email addresses, mostly in Europe, which were later used in a spam campaign for a number of online gambling venues. The company also believes that some of the spam incidents were related to the theft of usernames and passwords from other sites, which were then used to access Dropbox accounts.

The company issued a blog post indicating that a coordinated response is under development. Most notably, Dropbox plans to implement two-factor authentication involving not only the traditional username and password but also a temporary code that would be sent to the user's mobile phone. This feature is expected to become active within the next few weeks.

Two-factor authentication is believed to be poised for increased popularity, given that mobile devices are increasingly being used as the delivery mechanism for the temporary access codes. Prior to that trend, multi-factor authentication technology was limited by issues around the distribution of enabling devices, as well as the costs and maintenance of those devices.

"Keeping Dropbox secure is at the heart of what we do, and we’re taking steps to improve the safety of your Dropbox even if your password is stolen," said Dropbox engineer Aditya Agarwal on the company's blog.

The company also announced plans to roll out a new Web page that will enable users to track all active logins to their accounts. In addition, recommendations for password changes and other security enhancements will apparently be forthcoming. The post also included common, but useful, conventional wisdom around frequent password changes, the use of different passwords for different accounts and recommended password complexity.

Dropbox reportedly encountered similar issues with spammers earlier this year. A series of incidents involving pharmaceutical sales were reported in March, in which about 1,200 suspicious URLs were identified over a period of two days.
