One of the things I find interesting about cloud security and companies that ask us to entrust them with our data is that they only act after something bad has happened, as in this case with Dropbox, where a number of accounts were hijacked. Only after they were hijacked did Dropbox institute some additional security features.
My question is where were these security features before the hacking, and why only after? Why not before? My Google account has double authentication, and while it's a pain, I feel better about having it.
I think it doesn't matter if you're an Apple, Google, Microsoft, or RIM fan. Or if you're another cloud customer. Wouldn't it be better to have more security than not?
In the case of Dropbox, it appears that one of their employee accounts was hacked, and that's where the problem started.
So, this is what Dropbox will be doing:
- Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
- New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
- A new page that lets you examine all active logins to your account.
- In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time)
More info on their website.
Let's hope more companies follow Google's example. I'm a user of iCloud, Amazon, and a dozen or more other online/cloud services. I sure would like additional security for my accounts. What happened to Dropbox is only the beginning. Frankly, I'm not surprised this has not happened even more.
Last year, we had companies with breaches involving a number of credit cards. Millions. Be it a stolen laptop, an employee password stolen from a third-party site, or a server that was not properly protected, hackers will find a way in.
So, hopefully, others will follow Dropbox's example and not have to put their users needlessly through pain.