Revolutionizing Dropbox’s Two-Factor Authentication Logins with QR Scans
US-based file hosting service Dropbox is one of the world’s biggest and most recognizable cloud storage brands.
Valued at US$8 billion when it filed for an IPO in 2018, its worldwide growth represents a remarkable success for founders Drew Houston and Arash Ferdowsi.
They launched the company in 2007 with an aim to deliver a simpler way to keep files in sync. Today it offers two main tiers of service: individual accounts and team (Dropbox Business) accounts.
Dropbox Business accounts are used around the world to power safe and secure collaborative working across enterprises large and small.
Customer data protection
Each account stores sensitive data, documents and other confidential information, meaning ongoing security is a priority for both Dropbox and its Dropbox Business customers.
A key priority, therefore, was to ensure that at all times only the right person has access to the right information. Integrating trusted digital identities into Dropbox’s log-in procedures was a major objective.
Static password replacements
Aware that static passwords or OTP solutions are inherently insecure (apps for these are not protected and messages can be intercepted), Dropbox sought a multi-factor authentication solution that would guard against malicious attacks without disrupting the user experience.
Our expertise was enlisted to develop a hardened multi-factor authentication app built on QR codes, enabling Dropbox to reassure its users without introducing an unwieldy login process.
At each login, Dropbox Business users see a unique, user-specific QR code. And because no sensitive password or log-on data is entered through the keyboard of the device, keyloggers and other similar attack methods were instantly rendered powerless.
The Dropbox user simply opens their ‘Trusted QR Login’ app on their device and scans the generated QR code. This separately secured app automatically sends the scan to KOBIL’s Smart Security Management Server, which confirms the user’s identity and authorization to Dropbox.
Scanning the code provides a secure two-factor authentication experience, because the smartphone’s PIN (or TouchID on iOS devices) is used to open the app before the scan takes place.
Thanks to KOBIL’s PKI-based solution and Digitanium, our end-to-end communication channel, Dropbox users can now access their Dropbox Business and private accounts 100% securely from their desktop, browser or mobile device – anywhere in the world.
Built on existing systems
KOBIL’s QR code authentication system can be deployed quickly and seamlessly, with your existing Lightweight Directory Access Protocol (LDAP) or Active Directory acting as the basis for the verification process. This was a key attraction for Dropbox.
Users can now access Dropbox URLs by verifying their identity with a QR code. There is no need to specify an email address, making the entire process hassle-free and straightforward – without compromising on safety and security.
Around the world, more than 450,000 teams using Dropbox Business accounts have seen their online security enhanced with seamless authentication processes that do not require passwords.
The introduction of QR codes has also increased the security hurdles faced by external devices, giving users even more faith in Dropbox’s systems.
This has boosted trust and goodwill towards Dropbox, enabling it to continue to plan for an exciting future without the concern of simple security breaches undermining its market positioning.