Last week news broke that DropBox as well as other cloud data storage providers were at risk of a Man in the Cloud attack. Yesterday, Dropbox responded to these threats by making security improvements via adding a USB two factor authentication system.
Traditionally, many users favored using two factor authentication with DropBox via cell phone – a user would login and have DropBox send a text that contained a security code to the user’s registered phone number and then the user would have to enter that code to be able to successfully login. Unfortunately, as discovered last week, there were some flaws in this design.
According to Dropbox, users of this new authentication system would have to use devices that are compatible with the FIDO Alliance, commonly referred to as U2F. Currently, the new DropBox U2F is only supported on Chrome Desktop but the company is hopeful that soon to come updates will increase device and operating system coverage in the near future.
According to Tech News Today, Drew Houston, the CEO of DropBox, believes, “the main underlying problem pertains to when users keep similar or identical passwords on other less secure platforms.” This brings up a good point because many people, whether they are using cloud storage or not, tend to use the same or similar password for every application they use.
Image Credit: Wikimedia Commons | http://bit.ly/1EqMS9g