What Dropbox Two Factor Authentication Means to You

Dropbox has had more than its fair share of security issues over the last year, prompting many lawyers and technologists to advise against using the service, to employ additional layers of security, or to suggest alternative services such as Box. Despite all headwinds, Dropbox continues to be a widely-used service among lawyers, and is one of the fastest-growing cloud-based services anywhere.

To help address its perceived (and real) security issues, Dropbox has introduced two-factor authentication, a security update that it describes as “optional but highly recommended.”

I recently wrote about the benefits of two-factor authentication, and, like Google Apps, you’re further ahead with two-factor authentication than without.

However, the recent security issues that Dropbox has suffered, such leaked customer e-mail addresses and a security oversight that left passwords optional for four hours, won’t be solved by two-factor authentication. Two-factor authentication protects you against someone stealing or guessing your password, but it won’t help you if Dropbox doesn’t do more to strengthen its internal security. Think of two-factor authentication as an extra-strong lock on your front door: you need both a retina scan and a key to gain access to your house. However, if the back door’s been left open, as is too often the case with Dropbox, the security of two-factor authentication is rendered useless.


  1. It would be nice to see more of the leading companies in their respective verticals start giving their users the perfect balance between security and user experience by implementing 2FA which allows you to telesign into your accounts. I know some will claim that 2FA makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I’m hoping that more companies start to offer this awesome functionality. To me this should be a prerequisite to any system that wants to promote itself as being secure.