Following up on its promise to tighten security after an employee's hacked account led to a limited number of users receiving spam in their registered email accounts, Dropbox is making two-factor authentication available as an option. For now the feature is being tested in an experimental build of the cloud storage application, but a public rollout is due in the next few days.
Two-step verification adds an extra layer of protection to your account by requiring an additional security code that is sent to your phone by text message or generated using a mobile authenticator app. This makes it considerably harder for a potential hacker to gain access to your account even if he's able to get a hold of your password.
If you want to try out the new feature ahead of the official rollout, upgrade to the latest experimental build (version 1.5.12) and head to your account’s security settings page. In the "Account sign in" section near the bottom of the page you’ll be able to turn on "Two-step verification" and start the setup process.
With the feature enabled, anyone trying to log in to your account on the Dropbox website will be asked to enter the security code before access is granted. The same happens during installation of the Dropbox client on a new computer or smartphone that you link to the account. On computers where you’re the only user, you can check a ‘Trust this computer’ checkbox so you are not prompted for a code on every login.
The latter seems like the best option, although you should keep in mind that if you misplace your phone or laptop, you may be vulnerable to intrusion until you unlink the device from your Dropbox account.
As mentioned earlier, users can either receive a six-digit code by text message or generate it with an authenticator app on their smartphones -- Google Authenticator for Android, iPhone, BlackBerry; Amazon AWS MFA for Android; and Authenticator for Windows Phone 7 are supported. Additionally, you’ll be given a 16-character emergency backup code to keep in a safe place in case you can’t access your phone.
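How a server can check the six-digit authenticator codes described above, as an added example that is not Dropbox's code: it assumes the standard time-based one-time password scheme (RFC 6238) that Google Authenticator implements. The function names, the one-step clock tolerance and the sample secret (the RFC's published test key) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (RFC 6238 default)
DIGITS = 6   # six-digit codes, as in the article


def totp(secret_b32, at):
    """Return the code for Unix time `at` from a base32 shared secret."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(at) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, at, last_counter=-1, skew=1):
    """Return the matched time-step counter, or None if the code is rejected.

    `skew` tolerates clock drift between phone and server by also trying
    neighbouring time steps. `last_counter` is the step of the last code
    accepted for this account: anything at or before it is refused, so a
    code observed during one login cannot be replayed within its window.
    """
    now = int(at) // STEP
    for counter in range(max(0, now - skew), now + skew + 1):
        if counter <= last_counter:
            continue  # this time step was already consumed
        expected = totp(secret_b32, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


# Constructed sample input: the SHA-1 test key published in RFC 6238.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    step = verify(SECRET, code, 59)
    print("first use accepted at step:", step)
    print("replay result:", verify(SECRET, code, 59, last_counter=step))
```

The caller stores the returned counter per account and passes it back as `last_counter` on the next login; rate-limiting failed attempts is still needed, since a six-digit code has only a million possible values.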