Dropbox Adds Two-Step Verification

Dropbox is still the most popular cloud-based file sharing and storage system, so its success and failures will inevitably signal how quickly the legal community warms up to the cloud.

Dropbox has recently come under scrutiny for a number of security failures. In response to breaches discovered earlier this summer, they have just introduced a new two-step verification on their accounts.

The two-step verification will be optional for users, and allows them to impose a new security code on top of passwords. The code is sent directly to a cell phone, and can be used whenever the account is added to a new computer.

Other changes introduced earlier this summer are security features to identify irregular activity, and a monitoring page to see where your account has been used.

It’s not quite the level of security offered by data encryption, but hopefully it does prevent future breaches of data which could undermine confidence in cloud-based security.

Retweet information »

Comments

  1. Catherine Roberts

    Actually, DropBox does offer data encryption. The chatter last year about trying to mount a secure encypted volume in your DropBox account arose because it was revealed that some DropBox staff still had the ability to access your data, despite the encryption. However, the DropBox account is still encrypted, using secure, bank-grade encryption methods, vis-a-vis the rest of the world.
    https://www.dropbox.com/help/27/en

  2. David Collier-Brown

    This might even be able to meet most of the “trusted login path” requirement of the old military “Orange Book” standard.

    Ever so slowly the state of practice approaches the state of the art in 1983, when the Trusted Computer System Evaluation Criteria, frequently referred to as the Orange Book, was first published (;-))

    –dave

  3. Thanks for the heads up Catherine.

    Even more reason for lawyers to feel comfortable moving to the cloud.

  4. And coming soon, it seems, is “cloud in a box” software from VMware that aims to let companies create their own sophisticated clouds and not have to rely on SAAS: http://bits.blogs.nytimes.com/2012/08/27/vmware-let-a-thousand-clouds-contend/