Dropbox Two-step Verification on Mac with Yubikey and OneTime

2012-08-30 23:12:06 -0400

Dropbox has made security-conscious users very happy with the recent addition of two-factor authenitication using OATH-TOTP. We are now pleased to announce that the latest version of OneTime for Yubikey adds support for Dropbox, allowing Yubikey owners to use their USB devices for 2-step verification on Mac OS X.

Unlike mobile applications or SMS delivery, a Yubikey with OneTime is highly portable and doesn't require a smartphone, cell coverage, or SMS service. Nor does OneTime make you re-type passwords from your device into login fields on the computer.

Getting started with Dropbox 2-step, OneTime and a Yubikey is very easy. You'll need to install OneTime on your computer and launch the application. Then, login to your Dropbox account page, locate the two-step verification status, and click "change".

Follow through the informational screens until you are prompted to choose a 2-step verification method. Choose to use a Mobile App instead of SMS.

On the next screen, above the QR code, click the link to "enter your security code manually" to view the raw Base32 encoded key data.

Select the raw key and copy the value to the clipboard. Then click the OneTime for Yubikey Icon in the Mac Taskbar, then Preferences, and switch to the Personalization tab.

Paste the secret key into the key field, choose the Yubikey slot to use (usually Slot 2), then "Write Config". Important Note: "Write Config" will irrevocably overwrite any existing configuration in the specified Yubikey slot. When shipped from the Yubico, slot 1 is programmed for the Yubico OTP services and slot 2 is empty, so it is usually the right default. However, if you already use slot 2 with a different service (i.e. GMail) you may want to buy a new Yubikey for Dropobox. Please be careful!

Once the configuration is written to the Yubikey you can start using it immediately. On the next Dropbox screen you'll be asked to enter the current one time password. Just use OneTime's "Insert OTP" menu item, or your global hotkey (⇧⌘Y by default).

Complete the setup process and write down your emergency backup code. Now you're ready to use your Yubikey for Dropbox access on any Mac with OneTime installed! 

 

Learn More » or Buy OneTime Now »

 

P.S. existing OneTime for Yubikey users can contact us to request a free upgrade to the latest version.

STRIP for Android Release

2012-08-27 11:19:41 -0400

We are proud to annouce that STRIP for Android, the secure password manager and data vault, is now available in the Google Play store!

STRIP has been protecting data on mobile devices since 1998, and we've continued to evolve the product over the years to run on iOS, Mac, Windows, and now Android. Like its peers, STRIP for Android has many advanced features and the best security available:

STRIP for Android

  • A flexible data format that allows you to organize your information how you want into categories, entries and fields (you can even create your own labels and specify their data type)
  • Full text search, providing quick access to find data where ever you are in the application
  • Synchronization via Dropbox and replication out to STRIP for Windows and STRIP for OSX (also ensuring that a reliable data backup is always available)
  • A secure random password generator
  • Assignment of icons to entries and categories for easy visual identification
  • Launch websites, dial phone numbers and address emails

Most importantly, STRIP for Android features complete data encryption, protecting your most valuable information with SQLCipher. An open source extension to SQLite, SQLCipher uses 256-bit AES to encrypt the entire application database. We began the process of porting SQLCipher to Android late last year in conjunction with The Guardian Project to ensure a stable and secure platform, before even starting work on STRIP for Android. SQLCipher has been independently reviewed by many security professionals; for instance Elcomsoft presented findings about STRIP at the BlackHatEU conference, concluding that the application backed by SQLCipher was the "the most resilient to password cracking".

If you are looking for a password and data manager on the Android platform that provides a high degree of security and user flexibility, check out STRIP for Android and let us know what you think.

Get it on Google Play

Tempo Maintenance, Thursday August 23rd at 9 PM EDT

2012-08-21 18:05:35 -0400

This Thursday night, August 23rd at 9pm EDT, Tempo and other web systems will be temporarily unavailable while we perform critical patch updates to ensure the stability of our services.

This maintenance outage will also affect the Tempo API, the the Connect website, and the site for Codebook.

Down time could last up to 1 hour, however we hope it will be completed much more quickly. If you need to get in touch with us for any reason, please don’t hesitate.

Tempo Maintenance, Thursday August 16th at 9 PM EDT

2012-08-15 12:31:16 -0400

This Thursday night, August 16th at 9pm EDT, Tempo and other web systems will be temporarily unavailable while we perform critical patch updates to ensure the stability of our services.

This maintenance outage will also affect the Tempo API, the the Connect website, and the site for Codebook.

Down time could last up to 1 hour, however we hope it will be completed much more quickly. If you need to get in touch with us for any reason, please don’t hesitate.

Strip for Android Preview

2012-07-25 15:15:56 -0400

We mentioned awhile back that we were busy working on a port of Strip for the Android platform. Development has been coming along smoothly and we launched a beta testing program to get feedback from some of our most enthusiastic users which has been very successful. Below you can see what some of the interface looks like:

If you are interested in using the same technology that was identified in the most resilient application to password cracking at the BlackHatEU conference on the Android platform be sure to sign up here to be notified when Strip for Android is released.