Dropbox, 2FA, FIDO, and You

Dusting the blog off for a PSA. Hopefully most of you are aware of the news about Dropbox’s 2012 hack and the new details that have recently come out about it.

Not going to say too much beyond this, but I'd simply request that my friends (or anyone who reads this) do the following:

  1. If you’re using Dropbox, change your password, even if you’ve done it since 2012. Make the new password unique and strong (avoid reuse, especially for a service like this: a password leaked from one breach gets tried against every other account it was reused on).
  2. Please, please, please set up two-factor authentication (2FA). This article walks you step by step through the process. Do NOT opt for text messages as the form of verification; SMS codes can be intercepted or redirected by someone who SIM-swaps your number. Easiest is using a mobile app. If you want a recommendation, go with Authy. It’s a terrific mobile app and syncs across devices. It has the added benefit of working with a number of common services like Gmail, Facebook, Amazon, Microsoft Live, WordPress, Evernote, Tumblr, Slack, and I’m sure a list of others.
  3. Consider, in addition to #2, buying a FIDO U2F-compliant security key, like a YubiKey, to secure the account. It’s not as convenient for mobile, but is more secure in my opinion (the key signs a challenge bound to the site’s origin, so a code phished on a look-alike site can’t be replayed against the real one). Doing 1 & 2 gets you solid. #3 is even better.

Finally, seriously consider setting up 2FA for all your accounts that offer it. If you aren’t sure whether your service offers it, check here. If they don’t, tell them to get it or consider a competitor. If they only have SMS/text for 2FA, consider a competitor.