Will Dropbox’s New Security Measures Kill Or Limit Functionality In iOS Apps?


Responding to a security breach, Dropbox plans new security tools, but they might be too burdensome for iPhone and iPad users.

In the aftermath of a data breach that it announced this week, Dropbox says that it will begin implementing new security measures. Those measures include new automated techniques for spotting suspicious behavior, a page where you can examine all active logins to your account, password update requirements, and two-factor authentication.

All of those are reasonable steps to take. That Dropbox hasn’t implemented most of those items before is a bit surprising. Only one of those items – two-factor authentication – really puts a burden on Dropbox users, but it could put a very big burden on iOS users and app developers.

Two-factor authentication is a pretty common concept in business and government circles. Many companies rely on two-factor systems. Those systems use a traditional account and password combination but also require an additional item that verifies you’re actually you. That can mean a biometric check like a fingerprint or iris scan. It can be a simple physical token like a smart card you need to swipe.

Perhaps the most common option, and the one Dropbox seems to be planning to use, is the one-time-use password model. One-time-use passwords function by providing you with a code that is added to your password and that is only good for a single login or a limited time. There are various ways companies can provide you with that additional code. One option, which Dropbox seems to be leaning towards, is a text message or push notification. You attempt to log in and a code is sent to your phone. You add that code to your password and you gain access to your account on whatever device you like.

While two-factor authentication isn’t really new, Dropbox is looking at implementing it on a pretty broad scale and implementing it in the consumer market. Whether the idea will take off or not isn’t clear. Many users are apt to find that the system places too much of a barrier to the ease of use that makes Dropbox appealing in the first place.

How such a system will work with iOS devices is another question. When you use the Dropbox app on a Mac, it creates a folder visible in the Finder. You then interact with files as you would in any other folder. The same isn’t true for iOS apps that include Dropbox support (along with other cloud providers like Box and Google Docs/Drive). Each app requires you to enter your Dropbox account information and processes your login independently of the others.

If you have to enter your information plus a code sent to your iPhone into each, that process could get cumbersome very quickly.

Source: Dropbox


  • mr_bee

    This seems like death for DropBox to me. DropBox thrives because of its simplicity and ease of use, if it turns into something you have to use CIA type security for then it will be useless for many people.

    Also, I don’t understand why this kind of stuff is necessary for DropBox but not for iCloud. All I need for iCloud is a user/password combination and they don’t have these kinds of problems.

  • kosso

    If developers are using the new version 1 Dropbox API and doing all the required OAuth things correctly, then this is a non-issue.

    It’s all working fine for my mobile and server-based Dropbox connections for users of my system.

  • attilitus

    This will not be cumbersome to users. Dropbox will support application specific passwords which will allow users’ devices to login without using an OTP. This is how Google supports two-factor authentication while still allowing your mobile device to access your account information. The author really didn’t do their homework!

  • garlandsmith

    I think, in general, Dropbox is losing its appeal… With iCloud about to take over and even Skydrive and its “impressive” free storage I don’t see how Dropbox can retain the current status… Unless they dramatically lower their prices that is and increase the free account storage …

  • Michał Wendrowski

    Two-Factor authentication sucks! It’s too hard for users. Most people will never use it.

    Dropbox should consider using Rublon (yes, that’s my startup):

    7 reasons why you should add Rublon to your website: