Earlier this month, Dropbox, an online data-sharing platform, was hit with a breach that led the company to rethink its online security measures. While the company did a great job communicating with its users about the mishap, it also took matters into its own hands to prevent this from happening again. As many companies have experienced, it is much less costly to implement a fraud prevention system prior to an attack than to try to make up for damage that is already done. In response to the breach, Dropbox has announced its implementation of two-factor authentication as an optional feature for login.
How it's going to work
In order to better protect their data in the cloud, Dropbox is mimicking Google's efforts by offering two-factor authentication for their users. This will spread the login process across different devices and platforms to help secure someone's login credentials beyond a standard username and password. Two-factor authentication is appealing because it requires 2 of the 3 factors used to verify an identity. Those three factors are: something you know, something you are, and something you have. Something you know is your password or the answer to a security question such as "What is your mother's maiden name?" Something you are implies using biometrics to help verify an identity by traits such as a fingerprint or retina scan. Lastly, something you have is a physical item you may possess, such as a phone or key.
Dropbox is using something you know and something you have in tandem to help make their accounts safer. That something you're supposed to have? Your phone. When logging in, Dropbox will send a code to the user's phone to help authenticate their true identity. What if you don't have your phone? The system will provide you with a 16-digit code to use in that case.
Perhaps the biggest pro of this new system is that there is one at all. Dropbox had an incident and did something about it. The new two-factor authentication will give some of the wary users more peace of mind about logging in. The secondary step will prevent hackers from getting past the login gate.
While this is a step in the right direction, it does not fully seal off the gaps in online security. No system is 100% effective, but there are some definite red flags in the new plan. The first issue is that it is an optional function. Both the website and mobile site should have secure logins. Another kink that users have found is that you can only sign up for either SMS alerts or mobile app alerts for the second factor, not both. Many users also don't like the idea of their entire account's existence being contingent on a 16-digit backup code.
Perhaps the biggest issue is: what if someone knows that something and has that something? If someone stole your smartphone and had access to your logins, they could still hack into your account.
EVS provides real-time identity verification and authentication that requires users to answer questions that are developed to look and feel like the correct response. This helps to ensure that only the true identity can pass through the gate before accessing account information. If users fail these questions, they will not be permitted to move forward. That way, even if someone knows your name, username, password, AND has your phone, they will not be able to pass the knowledge-based authentication questions and will be denied access.
[Contributed by EVS Marketing]