Some of our Managed IT Service clients were concerned about news articles stating that Dropbox passwords had been compromised today. It appears that Dropbox itself was not compromised; rather, many users' passwords were compromised on other online services, and those people had used the same password for their Dropbox account. Reusing a password this way allows an attacker to gain access to multiple services with a single password. The link below contains some information on this topic.
All in all, this incident is a good reminder to:
- Change passwords frequently
- Use a different password on each service
- Use a password manager
- Use two-factor authentication whenever possible
Dropbox does support two-factor authentication and you should enable it on your account.
You should also change your password on Dropbox if you have ever used that same password on another online service.
Two-factor authentication requires Dropbox to send you a text message any time you try to install Dropbox or connect to Dropbox through a web browser. You then enter the code from that text message into the system to allow access to your data. It is fairly unobtrusive and provides a much greater level of security than simply using a password.
For an attacker to gain access to your account, they would have to steal both your password and your cell phone. This makes it very unlikely that an attacker could break into your Dropbox account.
Two-factor authentication is available on many other online services as well and is worth a look. Services such as OneDrive, Gmail, and Facebook also offer this added layer of protection for your information.