There’s always a weakest link: your email. If someone gains access, you’ll likely face serious damage. Your Dropbox account is number two — especially if you have private files synced with your account — so we’re glad to hear that two-step authentication is available as an optional extra security feature. As of now, you can enable this feature with the new Security tab of your account. Just like Google’s popular version of the security feature, you can receive the codes both via text message and the authenticator app that uses a Time-based One-Time Password (TOTP) protocol.
For a while now, Google has offered a way to secure your account with the help of a nice little app called Google Authenticator. It has since been adopted by a couple of third-party services like the password reminder helper LastPass. This two-step verification uses your Dropbox account in conjunction with an Android or iOS app. You can choose from one of three TOTP apps. Google Authenticator is the obvious choice if you have a Google account with two-step verification already set up. Further instructions on enabling this feature can be found here.
It’s a bit concerning about the backup options should you lose your phone. Dropbox provides only one 16-digit emergency access code, but otherwise the feature works quite well without any of those irritating application-specific passwords, either. It also added a way for you to see all active logins to your account on the Security tab, and is working on automated mechanisms to identify suspicious activity.
In any case, added security is always good. if you have a smartphone, you’re advised to use this new feature.
On a related subject, Dropbox added this paragraph to its TOS:
“By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service.”
You can, at all times, choose from many good alternatives if you want to take your files elsewhere, though as Klint Finley at ReadWriteWeb points out, most services of the type include similar clauses in the ToS. So it’s really your choice, but as with anything on the Internet, the same rule applies. If you want to be secure and be sure that no one can ever steal your digital possessions, then you’ll always have to accept some compromises.
Images by Dropbox