After Dropbox’s last security incident, they seem to be trying to get on the stick about improving their privacy and security protections. Unfortunately their first, beta attempt seems to betray a poor understanding of the purpose of two-factor authentication – if you can get in through an unlocked side-door, putting in a dead-bolt on the front door is a little silly. But it appears Dropbox developers are being responsive to criticism and working quickly to fix the bugs that people have already begun to point out. And given that the two-factor authentication option is not yet available to the masses and you really have to go out of your way to be an early adopter of this technology, I can’t fault them too much. They’re clearly counting on us to help them get this right, which is much better than throwing up your hands and going with a demonstrably flawed status quo.
Dropbox doesn’t appear to be the only company that has learned from its security PR problems. Earlier this month, LinkedIn reported that they are accounting for $2-3 million in expenses to improve their security. It will be interesting to see how this plays out over the rest of the year. No word has come yet on whether Amazon and Apple have solidified a password-reset policy after Mat Honan’s epic hack, but I’m curious to hear what they finally decide on too.
With this many major vendors trying to visibly improve security in the same time-frame, will others soon follow suit? Will two-factor authentication be commonly available by the end of the year? Or will everyone get fed up and go back to insecure business as usual after all the hubbub dies down?