Time to drop Dropbox passwords

Hackers claim to have accessed the Dropbox passwords of seven million accounts. Several hundred of the account details have been shared on the site Pastebin by the perpetrators. Dropbox disputes the claims outright. According to the company, its systems have not been compromised and the data shared by the hackers so far was from a different, unconnected service.

It's a messy situation. First off, it's not at all unprecedented for the claims of hackers to turn out to be spurious. These hackers are looking to accept bitcoin payments in exchange for releasing more data. Several hundred account usernames and passwords were released, but who's to say they really have a further 6.9 million?

Add to that mix the fact that, although Dropbox claims the data released originates from a different service, many people use the same username and password across different sites. The hacked accounts might not originate from Dropbox, but some of them will allow access to that service and other sites.

A blog post by Dropbox said:

"We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account."

We've gone over it before: the days of usernames and passwords should be numbered. On their own they're a vulnerable and inadequate solution to security. One way around this is to introduce two-factor authentication, as the Dropbox blog post mentions. Most major websites offer the service now. It's a good solution, but it's not the most elegant. It adds in an extra step: an additional layer of inconvenience. What we believe in here at Ensygnia is device-based authentication.

Our login and registration system says goodbye to usernames and passwords. Log in to your favourite sites with one scan from your mobile phone. Our solution precludes the need for usernames and passwords and there is no database to steal, so no more password hack headlines.

By Matthew Taylor 14th October 2014

Related stories around the web

Dropbox wasn't hacked - The Dropbox Blog

Dropbox denies claim that 7m Dropbox logins were hacked - The Guardian

Dropbox confirms compromised account details but says its servers weren't hacked - TechCrunch

Dropbox passwords leak: Hundreds of accounts hacked after third-party security breach - Independent