Dropbox users may get free storage if they adopt stronger security

Cloud storage firm will incentivise customers who 'don't know enough to care' about two-factor authentication

Dropbox will bribe customers with free storage to encourage them to implement two-factor authentication, as its users face a flood of cyber attacks every day.

The file-sharing firm plans to offer users of its consumer product extra storage if they undergo security healthchecks, because users are not adopting tougher measures themselves.

Two-factor authentication introduces an additional security step on top of simply typing in a password, with a common example being an SMS code sent to your phone.

Patrick Heim, Dropbox's head of trust and security, told IT Pro: "Changing the mindset of consumers is very difficult. Quite honestly the uptake [of two-factor auth] is relatively low when we're dealing with consumers.

"I want to get the message out we care about our customers, we want this turned on, and not enough people know enough to care."

He added: "One of the things we're working on right now is a project we haven't broadly disclosed yet, but it's really to incentivise consumers to go through a security healthcheck both in terms of the authentication settings, the sharing settings, etcetera, and when they complete that they may get additional free storage space as an incentive."

Dropbox hasn't announced the project publicly yet and there is no launch date for the offering, but Heim said it is an attempt to encourage better security adoption without emailing customers about it, which he sees as "spam behaviour".

The difference between consumer customers and enterprise users is stark, with IT departments able to enforce two-factor authentication with Dropbox for Business, among other security measures the product offers.

Heim told IT Pro that Dropbox will do its utmost to improve consumer security, but ultimately it is up to the users whether to use it or not.

"We're trying very hard to provide our customers with all the capabilities to protect themselves, but there is some responsibility [resting on the consumer] and I'm hoping that the sophistication of the average consumer is going to grow," he said.

It comes after Snapchat introduced two-factor authentication for users, and security researcher Graham Cluley aired doubts that its predominantly teenage userbase would adopt the measure.

"Huge number of attacks"

There are a "huge number of attacks against our users on a daily basis", Heim admitted, but said the company's systems are able to assess what these are, identify common attackers and take steps to protect users.

Most attacks come from hackers who have breached other sites and then test the usernames and passwords they obtained against Dropbox and other cloud storage tools.

"It appears to be a very well organised activity, highly automated, technically sophisticated, and really at a very big scale," said Heim.

While other companies are also targeted, Dropbox now has 400 million users worldwide, with one in three UK internet users having a Dropbox account, according to the firm, making it potentially a higher profile target for hackers.

However, Heim told IT Pro many do not succeed, with Dropbox preventing hacker access by locking the account, before notifying the user and forcing them to change their password.

Dropbox's success has seen its brand abused by scammers and phishers, who send fake emails that purport to be from the company but actually steal passwords or download infections onto users' computers, the security chief admitted.

But he denied the firm has become a particular target for hackers compared to other storage services.

"In terms of direct attacks against us, we've seen nothing super out of bounds. We don't see ourselves specifically targeted by anyone," he said.

Conversely, the cloud is a safer place to store documents when protecting them from malware like ransomware, according to Heim.

His team helped 200 customers who fell victim to Cryptolocker, which encrypts documents until a ransom is paid, recover their documents earlier this year using Dropbox's ability to roll back to previous versions of files.

"Those are just the ones who didn't know how to do it themselves who called us," Heim added.

Planning for the worst

However, Heim is confident in Dropbox's defences should its safeguards ever be breached.

"We plan for the worst," he said. "We've even architected the way we encrypt and store users' passwords in a manner where even if we were to get hacked and those encrypted hashes were stolen, it would be time and computationally infeasible for anyone to do anything with that information.

"We've designed with the assumption we may eventually have a failure, because nobody's perfect, and have taken additional architectural steps to make sure our customers stay protected."
