Earlier this month, Dropbox, an online data-sharing
platform, was hit with a breach that led the company to rethink its online
security measures. While the company did a great job communicating with its
users about the mishap, it also took matters into its own hands to prevent
this from happening again. As many companies have experienced, it is much less
costly to implement a fraud prevention system prior to an attack than to try to
make up for damage that is already done. In response to the breach, Dropbox has
announced its implementation of two-factor
authentication as an optional feature for login.
How it's going to work
In order to better protect their data in the cloud, Dropbox
is mimicking Google's efforts by offering two-factor authentication for their
users. This will spread the login process across different devices and
platforms to help secure someone's login credentials beyond a standard username
and password. Two-factor
authentication is appealing because it requires 2 of the 3 factors used
to verify an identity. Those three factors are: something you know, something
you are, and something you have. Something
you know is your password or the answer to a security question such as "What is
your mother's maiden name?" Something you are
implies using biometrics, such as a fingerprint or retina scan, to help verify
an identity. Lastly, something
you have is a physical item you may possess, such as a phone or key.
Dropbox is using something
you know and something you have
in tandem to help make their accounts safer. That something you're
supposed to have? Your phone. When logging in, Dropbox will send a code to the
user's phone to help authenticate their true identity. What if you don't have
your phone? The system will provide you with a 16-digit code to use
instead.
Perhaps the biggest pro of this new system is that there is
one at all. Dropbox had an incident, and did something about it. The new
two-factor authentication will give some of the wary users more peace of
mind about logging in. The secondary step will prevent hackers from getting
past the login gate.
While this is a step in the right direction, it does not
fully seal off the gaps in online
security. No system is 100% effective, but there are some
definite red flags in the new plan. The first issue is that it is an
optional function. Both the website and mobile site should have secure logins.
Another kink that users have found is that you can sign up for either
SMS alerts or mobile app alerts for the second factor, not both. Many users
also don't like the idea of their entire account's existence being contingent
on a 16-digit backup code.
Perhaps the biggest issue is: what if someone knows that
something and has that something? If someone stole your smartphone
and had access to your logins, they could still hack into your account.
EVS provides real-time identity
verification and authentication that requires users to answer questions
that are developed to look and feel like the correct response. This helps to
ensure that only the true identity can pass through the gate before accessing
account information. If users fail these questions, they will not be permitted
to move forward. That way even if someone knows your name, username, password,
AND has your phone, they will not be able to pass the knowledge-based
authentication questions and will be denied access.
[Contributed by EVS Marketing]