Revolutionizing Dropbox’s Two-Factor Authentication Logins with QR Scans

We offer you a unique platform journey to unlock your potential, create value for your business, and sustainable growth.

450,000

Dropbox Business and 12.7 million private accounts protected

$8bn

Dropbox valuation defended by KOBIL technology

Introducing Dropbox

US-based file hosting service Dropbox is one of the world’s biggest and most recognizable cloud storage brands.

Valued at US$8 billion when it filed for an IPO in 2018, its worldwide growth represents a remarkable success for founders Drew Houston and Arash Ferdowsi.

They launched the company in 2007 with an aim to deliver a simpler way to keep files in sync. Today it offers two main tiers of service: individual accounts and team (Dropbox Business) accounts.

Challenges

Dropbox Business accounts are used around the world to power safe and secure collaborative working across enterprises large and small.

Each account stores sensitive data, documents and other confidential information, meaning ongoing security is a priority for both Dropbox and its Dropbox Business customers.

A key priority, therefore, was to ensure that at all times only the right person has access to the right information. Integrating trusted digital identities into Dropbox’s log-in procedures was a major objective.

Aware that static passwords or OTP solutions are inherently insecure (apps for these are not protected and messages can be intercepted), Dropbox sought a multi-factor authentication solution that would guard against malicious attacks without disrupting the user experience.

Solution

Our expertise was enlisted to develop a hardened multi-factor authentication app built on QR codes, enabling Dropbox to reassure its users without introducing an unwieldy login process.

At each login, Dropbox Business users see a unique, user specific QR code. And because no sensitive password or log-on data is entered through the keyboard of the device, key loggers and other similar attack methods were instantly rendered powerless.

The Dropbox user simply opens their ‘Trusted QR Login’ app on their device and scans the generated QR code. This separately secured app automatically sends the scan to KOBIL's Smart Security Management Server, which confirms the user’s identity and authorization to Dropbox.

Scanning the code provides a secure two-factor authentication experience, because both the smartphone’s PIN (or TouchID on iOS devices) is used to open the app before the scan takes place.

Thanks to KOBIL's PKI-based solution and Digitanium, our end-to-end communication channel, Dropbox users can now access their Dropbox Business and private accounts 100% securely from their desktop, browser or mobile device – anywhere in the world.

KOBIL's QR code authentication system can be deployed quickly and seamlessly, with your existing Lightweight Directory Access Protocol (LDAP) or Active Directory acting as the basis for the verification process. This was a key attraction for Dropbox.

Users can now access Dropbox URLs by verifying their identity with a QR code. There is no need to specify an email address, making the entire process hassle-free and straightforward – without compromising on safety and security.