Since I jump between computers (or, more accurately, computing devices) a good bit, I am a huge fan of Dropbox. (For the purposes of this post, I’m going to assume that y’all know what Dropbox is, and won’t go into a big long explanation. The short version is: It’s file storage in The Cloud™, accessible from any number of computers, phones, tablets, and probably secret decoder rings that you got in your breakfast cereal.) If you’re like me, you probably have a reasonable amount of paranoia about putting your Stuff out where other people could conceivably get to it, and it makes you somewhat twitchy. You’ve turned on all of the “email me when a new device (app, secret decoder ring) is linked to my account” settings, but still wonder if you could be doing more.
Turns out, there is.
You can turn on two-factor authentication. If you’ve ever worked somewhere where you’ve had to use an RSA token, it’s kind of like that. Except your RSA token is (most likely) an app on your (phone, tablet, computer, secret decoder ring). It’s very very easy to enable, and makes it a lot less likely that random Joe is going to be able to start poking around in your Dropbox account.
In order to enable two-factor authentication, go to your account’s security settings. Under “Account sign in” there will be an option for Two-step verification, and it will probably be set to disabled. You can click on the word “(change)”, and (shocking, I know) be walked through the process of enabling this feature.
If you’ve already set up two-factor authentication for your gmail account (which you have, right? Right?), this should be a snap. You can use your existing Google Authenticator app to snap a pic of the QR code shown on the screen, and you’re off to the races. (Do be a dear and make note of the Super Seekrit Emergency Backup Code that they put up on your screen. You’ll need that in case something goes horribly awry. I took a screen shot and threw it in Evernote.) Once you’ve set up two-factor auth, anytime you add a new app to Dropbox, or access Dropbox from a new account, you’ll have to fire up your authenticator app and enter a six-digit number to confirm that you are who you say you are. And that’s it.
(Please note: If you’re not the app-lovin’ sort, you can also enable this feature using SMS messages instead of one of the supported apps.)
All in all, it’s a pretty painless step, and adds another layer of security to your files, and thus, I deem it worth the 5 minutes.
You can learn more about how to enable this feature on Dropbox’s website. Don’t have a Dropbox account yet? You can sign up for one here, and I’ll get extra space on my account for the referral.
![[PSA] If you’re using Firefox, particularly on Windows, stop doing that.](http://www.covert-ops.org/wp-content/themes/songwriter-premium/images/slide.jpg)
Putting your recovery key in evernote because you’re worried about the safety of cloud storage seems a little nonsensical. I put mine in 1Password. 🙂
Yeah, I had mine in 1Password, too, but I have my 1Password data file on Dropbox. 🙂 I also printed out the recovery key and put it in the safe, which seemed like overkill. Too many options!
I also have my 1Password file on dropbox, but there’s also a copy on 2 phones and 1 iPad, plus all of the computers that sync to dropbox, plus on my backups (drives and cloud). With 1Password Anywhere, I figure I can probably get to it.
Too many options indeed.
I also have my 1Password file on dropbox, but there’s also a copy on 2 phones and 1 iPad, plus all of the computers that sync to dropbox, plus on my backups (drives and cloud). With 1Password Anywhere, I figure I can probably get to it.
Too many options indeed.
Fair point(s).
Started using Strip instead of 1Password as it utilizes 256 bit AES to encrypt the data. Once dropbox added two-factor, I wasn’t too worried about using it to store the data, and luckily Strip accommodates that with built-in syncing between all my devices to and from.
Oooh. I’ll have to look into that. Thanks for the pointer.