Dropbox has had more than its fair share of security issues over the last year, prompting many lawyers and technologists to advise against using the service, to employ additional layers of security, or to suggest alternative services such as Box. Despite these headwinds, Dropbox continues to be a widely used service among lawyers, and is one of the fastest-growing cloud-based services anywhere.
To help address its perceived (and real) security issues, Dropbox has introduced two-factor authentication, a security update that it describes as “optional but highly recommended.”
I recently wrote about the benefits of two-factor authentication, and, as with Google Apps, you’re further ahead with two-factor authentication than without.
However, the recent security issues that Dropbox has suffered, such as leaked customer e-mail addresses and a security oversight that left passwords optional for four hours, won’t be solved by two-factor authentication. Two-factor authentication protects you against someone stealing or guessing your password, but it won’t help you if Dropbox doesn’t do more to strengthen its internal security. Think of two-factor authentication as an extra-strong lock on your front door: you need both a retina scan and a key to gain access to your house. However, if the back door’s been left open, as is too often the case with Dropbox, the security of two-factor authentication is rendered useless.