Simply Security - News, Views, and Opinions from Trend Micro

Dropbox experimenting with two-factor authentication

Posted on August 31st, 2012 in Cloud Security by Simply Security

Dropbox is hoping two-factor authentication can restore confidence in cloud security.

There are a host of attractive advantages that initially draw users to cloud-based file storage utilities, but security concerns can quickly cut through these perceived benefits and send customers running in the opposite direction. Dropbox learned this lesson earlier this summer after an embarrassing spam attack threatened the reputation of the popular platform. To restore faith in its data protection capabilities, the company has decided to offer optional two-factor authentication in its latest experimental build.

Password protection has consistently proven to be the Achilles' heel of security plans crafted by Dropbox and others. Everything from basic phishing attacks to advanced malware variants is predicated on the notion that login credentials are the weakest link in the data security chain. The problem has only grown worse following the rise of smartphones, tablets and the multi-device business professional.

As PCWorld's David Jeffers explained, two-factor authentication breaks the mold by requiring users to confirm something that they "are" or something that they "have." These traditionally involve biometric traits and encryption keys or USB tokens, respectively. Unlike keyboard passwords, which constitute something that users "know," elements from the first two categories cannot simply be guessed by a clever cybercriminal.

Dropbox has chosen to begin its foray into two-factor authentication by leveraging something that users already have: a mobile phone.

"It serves as a reaction to [the summer] breach to increase consumer confidence, as well as implements a feature that businesses have been demanding from cloud storage vendors," Jon Oberheide of Duo Security told CSO Online.

In addition to their basic username and password, users can elect to have the second factor delivered to them in the form of a six-digit one-time password texted to their phone or a similar code generated by a new mobile authenticator app for smartphones.

Dropbox has stressed that the current two-factor authentication utility is effectively a beta test, and a more polished product will soon be available to all users. But some experts have concerns that extend beyond simple glitchiness from software bugs.

For starters, according to ITworld, it remains to be seen whether users will even bother employing the more robust data security practice. Aside from the "dork factor," some may grow weary of going through the two-factor authentication process each time they want to access a document or share a photo. What's more, man-in-the-middle attacks are one of several lingering threats that keep two-factor authentication from becoming a bulletproof defense.

Comments


  1. It’s nice to see that leading companies in their respective verticals are giving users the perfect balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I’m hoping that more companies start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.

    Comment by Terry on September 4, 2012 at 11:16 am