September 01, 2012, 7:03 AM — Following in the footsteps of Google and other services, Dropbox this weekend enabled two-factor authentication to bring enhanced security to its users.
While Dropbox was not among the services compromised in the well-publicized attack on Wireds Mat Honan earlier this month, the service has suffered from at least one security breach in recent months. Adding two-factor authentication is one way to make your connection to the servicewhich for many users is an increasingly important part of their workflowmore secure.
[ FREE DOWNLOAD: 6 things every IT person should know ]
As with Googles implementation, Dropboxs two-factor authentication relies on two separate elements: something you know (a password) and something you have (in this case, a separately generated code). While the combination of these two elements doesnt guarantee your security, it does make it much harder for a potential hacker to gain access to your account.
To enable Dropboxs two-factor authentication, youll want to make sure your desktop client is using version 1.5.12 or later. Since, at the time of this writing, 1.5.12 is a preview release, youll need to download it from the Dropbox forum and install it on all the computers you use with the service.
Once youve installed the newest version, visit the Dropbox website, click on your name in the top right corner, and select Settings. Then click on the Security tab.
In the bottom left of the screen, right under the Forgot password? link, youll see an option for Two-step verification (its a term used interchangeably with two-factor authentication). By default, it should read Disabled, but clicking on the Change button will open a dialog box that explains the system and a link that will explain it in further detail; click on the Get Started button to begin the process.
Youll first be prompted to enter your current password, for security reasons. After that, youll be given two options: receive security codes via a text message to your phone, or use a mobile app. Each option has its own virtues: If youre using a non-smartphone, youll probably want to opt for standard text messages. However, smartphone users will likely be better served by a mobile app, since it can work even when your phone isnt connected to the network.
If you choose text message, youll be asked to provide a phone number to which codes will be sent whenever you sign in to the Dropbox website or link a new device to your account. Once youve entered the phone number, youll receive a text message with a six-digit code, which youll use to verify that yes, that is the phone you meant to use. Youll then be provided with a 16-character emergency backup code which can be used to disable two-step verification just in case you cant access your phone for some reason. Its best to write this down and stow it somewhere secure where you can get at it (and especially where its not stored in Dropbox itself). Click Enable Two-step Verification, and youre all set.