Dropbox To Adopt Two-Factor Authentication After Spam Campaign

The company issued a blog post indicating that a coordinated response is under development. Most notably, Dropbox plans to implement two-factor authentication involving not only the traditional username and password but also a temporary code that would be sent to the user's mobile phone. This feature is expected to become active within the next few weeks.

Two-factor authentication is believed to be poised for increased popularity, given that mobile devices are increasingly being used as the delivery mechanism for the temporary access codes. Prior to that trend, multi-factor authentication technology was limited by issues around the distribution of enabling devices, as well as the costs and maintenance of those devices.

[Related: The Biggest Data Breaches of 2012 (So Far) ]

"Keeping Dropbox secure is at the heart of what we do, and we’re taking steps to improve the safety of your Dropbox even if your password is stolen," said Dropbox engineer Aditya Agarwal on the company's blog.

Sponsored post

The company also announced plans to roll out a new Web page that will enable users to track all active logins to their accounts. In addition, recommendations for password changes and other security enhancements will apparently be forthcoming. The post also included common, but useful, conventional wisdom around frequent password changes, the use of different passwords for different accounts and recommended password complexity.

Dropbox reportedly encountered similar issues with spammers earlier this year. A series of incidents involving pharmaceutical sales were reported in March, in which about 1,200 suspicious URLs were identified over a period of two days.