TechSpot

Dropbox explains breach, will introduce two-factor authentication

By Leeky
Aug 1, 2012
Post New Reply
  1. An investigation started a fortnight ago by external experts at the request of Dropbox has concluded that an employee's hacked account led to a limited number of users receiving spam in their registered email accounts. On its official blog, Dropbox……

    Read more
     
  2. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,623   +320

    I got an email from them last night saying they reset my password, and I should click this link to create a new one. That sounded pretty 'phishy' to me, so I asked my roommate to check her email since she also uses dropbox. She didn't have an email, so that raised even more flags.

    But I clicked through anyway, with the intention of watching the URL, seeing if browser picked up on any phishing, ect. Everything looked fine, but I still didn't feel right about it. So I just typed in dropbox.com and manually reset my password.

    I guess if dbox automatically resets my pass, then everything is still cool on my end, because if you do it yourself manually, you still don't have to reauth on individual devices. But I just felt better doing it myself.
     
  3. Leeky

    Leeky TS Evangelist Topic Starter Posts: 4,378   +98

    I pretty much always do the same thing if I ever get an email telling me to change it. Always feel safer going straight to the website in question and changing it with them rather than clicking some link in an email.
     
  4. Devon_D

    Devon_D TS Rookie

    It is sad to see something like this happen, but I think this is the type of wake-up call that they needed to kick the complacent attitude about authentication and passwords. There continues to remain the need for more preventative measures to be put in place. For example many of the leading online storage providers are giving users the perfect balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim that the verification process makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I'm hoping that more providers start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.