In the aftermath of a data breach that it announced this week, Dropbox says that it will begin implementing new security measures. Those measures include new automated techniques for spotting suspicious behavior, a page where you can examine all active logins to your account, password update requirements, and two-factor authentication.
All of those are reasonable steps to take. It is a bit surprising that Dropbox hasn’t implemented most of them before. Only one of those items, two-factor authentication, really puts a burden on Dropbox users, but it could put a very big burden on iOS users and app developers.
Two-factor authentication is a pretty common concept in business and government circles. Many companies rely on two-factor systems. Those systems use a traditional account and password combination but also require an additional item that verifies you’re actually you. That can mean a biometric check like a fingerprint or iris scan. It can be a simple physical token like a smart card you need to swipe.
Perhaps the most common option, and the one Dropbox seems to be planning to use, is the one-time password model. One-time passwords work by providing you with a code that is added to your password and that is only good for a single login or a limited time. There are various ways companies can provide you with that additional code. One option, which Dropbox seems to be leaning towards, is a text message or push notification. You attempt to log in and a code is sent to your phone. You add that code to your password and you gain access to your account on whatever device you like.
While two-factor authentication isn’t really new, Dropbox is looking at implementing it on a pretty broad scale and in the consumer market. Whether the idea will take off isn’t clear. Many users are apt to find that the system places too much of a barrier to the ease of use that makes Dropbox appealing in the first place.
How such a system will work with iOS devices is another question. When you use the Dropbox app on a Mac, it creates a folder visible in the Finder. You then interact with files as you would in any other folder. The same isn’t true for iOS apps that include Dropbox support (along with other cloud providers like Box and Google Docs/Drive). Each app requires you to enter your Dropbox account information and processes your login independently of the others.
If you have to enter your information plus a code sent to your iPhone into each, that process could get cumbersome very quickly.