Conversations about life & privacy in the digital age

2-Factor Authentication to your SpiderOak Account

We are now offering limited support for 2-Factor Authentication into your SpiderOak account.

2-Factor Authentication provides an additional layer of security on top of password protection. In other words, if someone were to compromise your username and password, these two elements alone would not be enough to allow them to access your SpiderOak account.

As a first step, we are offering this new feature to paid users only who have phone numbers located inside either the US or Canada. Given that a high percentage of SpiderOak customers (and several SpiderOak team members) live outside North America, we will soon eliminate this restriction.

To enable 2-Factor authentication for your account, you may either login to SpiderOak.com or navigate to the SpiderOak application — > Account –> Credit Card / Billing Information section. You will then notice a new option labeled ’2-Factor Authentication’.

Once enabled, any time you login to your SpiderOak account via the web or a mobile device, you will need to provide your current username, password, AND a ‘token’. The ‘token’ will be sent to your mobile device and should be entered directly after your password with no spaces or marks between them. For example, if your password is ‘red’ and the token reads ’1234′ then you would simply enter ‘red1234′.

Each 2-Factor Authentication token you receive is good for 12 hours and can be created here: Token Request. The text message you receive will look similar to the below:

SpiderOak Secure Login Token: 01234567
This code is good for 12 hours. If this login
code was unexpected, email
support@spideroak.com

You can only request one token every twelve (12) hours. If you try to request a token more frequently than twelve hours, subsequent attempts will silently fail. If two factor authentication is enabled for your account, any login attempt that does not include a current token will also fail (similar to entering an invalid password or a non-existent username).

Please Note: This is an optional feature that has to be manually enabled by the user. If 2-Factor Authentication is not enabled, the login procedures will remain unchanged – continuing with a password-only based login.

For the first days of this trial-program, 2-Factor Authentication will only protect web based logins. Over the course of the next several days, we will be extending this feature globally and anywhere you have to authenticate to SpiderOak (e.g. activating new devices and/or reinstalling existing devices).

Finally and as a reminder – even with two factor authentication, the usual recommendation still applies, and accessing your data via the desktop client is more secure than the web and/or through mobile devices.

For those curious about how 2-Factor Authentication is implemented, we are working with the excellent Twilio telephony API to deliver the SMS messages. It costs SpiderOak $0.01 per SMS token which we believe to be more than reasonable and money well spent.

Depending on the interest and adoption, we may extend this to Android OATH tokens, Yubikeys, or other various secondary security factors. Please feel free to give feedback on what additional methods you’d like to see and/or the arrangement in general. We are obviously in the early phases now but excited to be adding this additional security layer for those security conscious folks among us.

Comments

  1. Matt says:

    +1 for OATH :)

  2. Paul says:

    Multi factor authentication is a cornerstone of strong access controls. I can't wait until you roll this out to the client as well.

  3. dougfort says:

    This is a good thing.

  4. Chip says:

    I use the little number keyfobs on PayPal and eBay, and it's nice to see other places adopting multi-factor auth. You're currently doing better than my bank. :)

  5. David says:

    Cool, it's good to see that you're adding more layers of security, instead of removing existing layers :)

  6. Tom says:

    Im liking this quite a bit, just got to wait for you to roll it out to the uk :)

  7. SA says:

    Incredible. This was at the TOP of my want list ever since Google added the same second layer of authentication. This is an incredible service and more than worth my annual payment!!!

  8. Sysrich says:

    This is awesome – I especially like the Android OATH token idea. Any possibility of opening up the protocol in a similar way to how Google did with theres, so theoretically folk could write their own second factor apps? (I for example have a programmable wristwatch that displays my Google token)

  9. Jason says:

    Please support Google Authenticator!

  10. Ben M says:

    You guys should check out Duo Security. It would be nice to have offline and non-SMS options for this, and something out of band to prevent MITM attacks. Their push stuff totally rocks!

    Also nice goatse. I see what you did there! :-)

  11. Seth G. says:

    Yubikey would be awesome along with OAuth

  12. Eugene says:

    +1 for OATH!!!

  13. Ian says:

    +1 for Yukikeys :)

  14. SteveO says:

    +1 for Yubikey

  15. David C says:

    +1 for Yubikey

  16. Patrick C says:

    Google 2-factor is great. Allow to chose between an Smartphone application or SMS. If my smartphone fails I could ask for a SMS on an another phone by changing my sim card and still log to my account.
    Yubikey is great also (but only work on desktops).

  17. merge says:

    thanks a lot! So will mobile/web access automatically be compatible? I'd use it for your Maemo/N900 app!

    +1 for Yubikey

  18. Gilligan says:

    Will one time codes be available as a backup for situations when SMS is not available?

  19. Decrease the 12-hour limit says:

    I'd really like to use this when you roll it out to desktop/mobile applications, but I'm concerned about the 12-hour limit (assuming this is a one-time use token, as this sort of token usually is). Since I use SpiderOak on four different devices, if I was burgled or my house burned down or something, it would take 48 hours for me to log into SpiderOak on all of my replacement devices and start restoring my data.

  20. Matthew L Daniel says:

    Yubikey is great (I have two), but the Android OAuth is more convenient (I use it for Gmail).

  21. Alex Amiryan says:

    It would be great to have ability to use Yubikey as second factor authentication.

  22. Patent trolling alert says:

    Ericsson has a patent on using SMS in 2-factor auth. Just sayin'

  23. Ryan says:

    +1 for Yubikey, especially with mobile as a backup.

  24. Nicholas Lee says:
  25. jeremy says:

    I (and many others, I guess) already have a SecurID hardware token for Paypal/eBay. Being able to use that with SpiderOak as well would be very convenient.

  26. damnated says:

    +1 OATH

  27. lazza says:

    Great news guys. After researching different online storage providers yours was up there due to security and this steps it up another notch! Great to see you guys focusing on security as a priority.

  28. geekux says:

    I would love to see support for Google Authenticator.

  29. rolf says:

    +1 Yubikey

  30. Ben Vanik says:

    +1 for Google Authenticator – already using it, so it'd be super convenient!

  31. jbon says:

    Would love to be able to identify specific machines as not needing 2-factor. E.g. my home desktop I consider secure enough not to need it, so I'd rather avoid the annoyance. Lastpass does this with Yubikey, though I'm not sure how it is implemented. Really you'd get 99% of the security by using 2-factor only to add/remove devices from an allowed list.

  32. woonix says:

    Consider a printable 2nd factor like this grid that LastPass has implemented: http://helpdesk.lastpass.com/security-options/grid-multifactor-authentication/

  33. Michelle Peters says:

    i'd also recommend checking out Duo Security…we use it for customer login on our site and it seriously took like 30 minutes to drop the websdk into our website:

    http://www.duosecurity.com/docs/duoweb

  34. Bob says:

    Yubikeys!!!!! Definately!

  35. GouldDina27 says:

    Every body acknowledges that today's life seems to be high priced, nevertheless we require cash for different issues and not every person earns big sums money. So to receive quick <a href="http://bestfinance-blog.com">loans</a&gt; or just consolidation loans would be a proper solution.

  36. @emostar says:

    +1 for Yubikey!

  37. nickp says:

    I'd like to see yubikey integration too

  38. press__250 says:

    What is the ETA for enforced 2-Factor Authentication on the SO Client?

  39. emory says:

    Duo Security would be an excellent partnership for SpiderOak, imo.

  40. anon says:

    +1 for Yubikey. As alternative Google Authenticator.

  41. Greg says:

    +1 for Yubikey

  42. Anonymous says:

    +1 for YubiKey. or some iPhone/Android App would be nice :P

  43. infostripe.com/bcdady says:

    Yubikey+1

  44. Bartiromo says:

    Yubikey++

  45. Paulius says:

    +1 for Yubikey. I'm already using it on Passpack and Fastmail.

    It's very nice that you are implementing Two-Factor authentication. It would provide even more superiority over other services.

  46. Wolf says:

    A definite +1 for Yubikey support!

  47. henry says:

    I'm using Yubikey, too. Would be great to have support for it!

  48. LG says:

    +1 for yubikey !

  49. Tom says:

    I use google 2 factor using the android authenticator app. It would be great if spider oak could use the google code to build your own app.

    Also I like the way that Google allows the user to "clear" a device for 30 days, as this allows the device to be verified by 2 factor and then avoids having to reverify every time you logon.

    Also serious thought should be given to recovery if the user loses their phone or other device used for two factor. Overall i think Googles implementation is very good and you wont go far wrong by following them.

    I'm currently a paying dropbox user, but given all the security issues recently i'm looking to move over to spider oak,2 factor security is a major feature that will make me move over.

    Also +1 for UK sms support :)

  50. Nicolas says:

    +1 Yubikey

  51. Michael says:

    +1 for using an Android app for 2 factor. I use the Google Authenticator and also the VIP Access (from Verisign) apps for access to different services.

  52. Steve says:

    +1 for Yubikey

  53. Joe says:

    Yubikey (with mobile sms as backup) would set spideroak so far ahead of the competition they'll be eating your dust for months!

  54. Noel says:

    BIG +1 for Yubikey

  55. Marcos says:

    +1 for Google Authenticator. It uses some standard RFC for HOTP and an extension for that for TOTP.

  56. Alex says:

    +1 for Yubikey

  57. Oliver says:

    +1 for Yubikey

  58. Doug says:

    +1 for Yubikey!

  59. Baron says:

    Security, especially from the country I'm coming from, is paramount. It was exactly this why I chose Spideroak over other services. It's sad that the 2nd auth isnt global. I'd also like something else than sms/yubikey as that would restrict my access at all times(not to mention the possibility of illegal wiretaping that includes SMS). I'm very happy with LastPass and their auth systems – grid or a OTP generation program. Something like that would be universal, inexpensive and very portable. Any chances of that?
    Thanks

  60. Guy says:

    +1 for Yubikey!

  61. Chris says:

    Please allow me to use my Verisign PIP app on my phone!

  62. Alex says:

    Being able to log in with Google Authenticator would rock…

  63. Dukes says:

    +1 for Yubico Yubikey.

  64. Joel says:

    +1 yubikey

  65. Jackson says:

    +1 Yubikey!

  66. Stuart Moore says:

    +1 for Yubico Yubikey (UK user)

  67. Aerion says:

    I'd love to see support for Yubikey, whether via their own OATH/OTP servers or Verisign's VIP service (also offered by Yubico)

  68. Patrick says:

    +1 for Yubikey

  69. Will says:

    Yet another +1 for Yubikey and/or VIP!

  70. ChriZ says:

    +1 Yubikey

  71. Michael says:

    Please support Android OATH token! Thanks.

  72. Linux Guy says:

    +1 Yubikey

    I already have one. Please use the Yubico back-end so I can feel free to change the AES key as often as I like and continue to use it as a Two factory Auth for all my PAM Linux uses.

    This is how LastPass has it.

  73. Dave - another linux guy says:

    +1 Yubikey

  74. Peter says:

    Great! But search for international carriers for international SMS. Your Partner would take about 23 cents per SMS to Germany, there are some good alternatives for as low as 2 cents, i use this: http://ib-systems.de/index.php?page=konditionen_messaging
    It would be great to have this feature in Germany :)

  75. Noel says:

    One-Time Passwords a la LastPass or Fastmail

  76. A 3rd linux guy says:

    +1 Yubikey!

  77. Panozk says:

    +1 for customers in Europe :-)

  78. A;ex (linux) says:

    +1 Yubikey

  79. Arx Linux says:

    +1 Europe Spain.

  80. Rob F says:

    A big +1 for OATH/Android please!

  81. Simon C says:

    Please extend to YubiKey. In doing so you will will further endear people who want a secure pre-Internet encryption way of encrypting our data.

  82. David P says:

    Am looking forward to this coming to Australia. I'd also be interested in the YubiKey as an alternate or replacement authentication device in the event I were to lose the phone and needed to get back in.

  83. KJ says:

    Yubikey please

  84. Kevin says:

    Yubikey support would be so awesome, now that they support Dvorak layout users!

  85. Mike says:

    OATH!
    Google Authenticator or Verisign VIP Access.

  86. Gene Wood says:

    +1 for Yubikey. This is what I use elsewhere and prefer. I probably wouldn't use the SMS based 2-factor that is mentioned here, but if there was yubikey support, I'm in.

  87. James VL says:

    +1 for Yubikey, with a fail-over option to SMS.

  88. UFish says:

    another +1 for Yubikey

  89. frank says:

    Yubikey please as I use such with fastmail.fm and self hosted wordpress.org blogs

  90. smes says:

    +1 Yubikey.

  91. AxMi-24 says:

    +1 yubikey
    +1 Europe
    Excellent initiative. I don't access my data any other way except by the desktop client but more security is never wrong.

  92. Jan says:

    +1 for Yubikeys!

  93. Paddy Landau says:

    What would happen if the phone is stolen or lost? We need an alternative method to log in.

  94. Robin says:

    I'd like to see Yubikey as well but the problem with them is that there would be no way to use them on a mobile device so you'd have to be able to use either Yubikey or your current method.

  95. Gilles says:

    Good news, but as I consider my desktop computer "safe", I'd like to use the 2-Factor authentication only for the mobile and web access. Would it be possible to configure it this way ?

  96. Luke says:

    Yea! I'd love to be able to use Yubikeys for this!

  97. Chris Strzelczyk says:

    I would love to see Yubikey, this is a wonderful start to enhanced security. ~ thanks

  98. Jon Molesa says:

    +1 for OAUTH
    +1 Yubikey

  99. Jon Molesa says:

    LastPass has some interesting additional options including something they call grib, One-time passwords, and being able to select trusted devices. I like the idea of OTPW's a lot. If for some reason you must access your account via the web especially from an untrusted computer then using a one-time pass is a great option.

    What I'd like more information on though is how is it possible to add unlocking options to my key if it's encrypted on my local machine with a password of my choosing and only known to me.

  100. Todd Eddy says:

    +1 Yubikey

    Also since I add headless linux devices is there a token field in there I can update? Doesn't happen often so I can just disable 2 factor, add the computer, then re-enable it.

  101. mathew says:

    I second the request for Google Authenticator support.

  102. John Abreau says:

    +1 for Yubikey support!

  103. Qwerty says:

    +1 for Yubikey!

  104. lasermole says:

    +1 Yubikey support!

  105. Col says:

    Eagerly awaiting this for non-US users!

  106. Mike H says:

    +1 Google Authenticator

  107. stephen says:

    +1 Google Authenticator- which really is just an application to HOTP and OTP

  108. Michael says:

    +1 for Google Authenticator

  109. Bruno says:

    +1 for OATH / Google Authenticator

  110. Guenter says:

    I use a few cloud based backup solutions but spideroak gives me a warm feeling of safety indeed. I get the feeling that spideroak really tries to do its best to fix common cloud problems, like security and safety of information, even in a case if some has been hacked.

    Thumbs up for This!

  111. Michael D says:

    +1 for Yubikey!

  112. bizmar says:

    +1 for Yubikey

  113. soupwell says:

    +1 for OATH

  114. iworm says:

    Aug 13, 6.20AM – stonking great spam posting. Which leads one to suppose you are not actually looking at these comments….? If you *were*, then +1 for Android auth. Hmmmm?

  115. Aypz says:

    +1 for Yubikey

  116. Luis Aranguren says:

    Yes please! Yubikey +1

  117. Joe says:

    +1 for Google Android Authenticator
    +1 Yubikeys

  118. JRH says:

    +1 for Yubikey

  119. Scott says:

    +1 for Yubikey also :)

  120. Sven says:

    +1 for Yubikey

  121. David says:

    yubikeys are a must!!

  122. Steve says:

    +10 for Yubikey!

  123. Sid says:

    Given that i'm in China, I can't wait for this to be rolled out here as well…c'mon guys, when can I have this enabled? :)

  124. Frank says:

    Yubikey for me pls

  125. C says:

    +1 Google Authenticator. Yubikey cannot be used on my android phone. I switched from it on lastpass as soon as google authenticator was available.

  126. C says:

    +1 Google Authenticator. Yubikey cannot be used on my android phone. I switched from it on lastpass as soon as google authenticator was available.

  127. Esekiel says:

    +1 for Google Authenticator.

  128. PBee says:

    +1 for Google Authenticator as it also works with the iPhone

  129. Peter says:

    +1 for Android OATH

  130. Alex says:

    +1 for Google Authenticator

  131. Theru says:

    +1 for Google Authenticator

  132. Jon says:

    +1 for Yubikey

  133. Nick says:

    +1 Europe!

  134. Tomi says:

    +1 for Yubikey support and please, please make an iOS app with upload capability!

  135. Vinicius Seixas says:

    +1 for Yubikey!

    I already use a Yubikey and it would be awesome to be able to use it with SpiderOak.

  136. Andy says:

    +1 for Google Authenticator. Already use it with several other services.

  137. Sean says:

    +1 for TeleSign

  138. Robert says:

    +1 for Yubikeys
    +1 for OATH
    +1 for Google Authenticator

  139. Michael Kubik says:

    I would really like to see the addition of Yubikey. which I already use elsewhere

  140. Coljac says:

    Still waiting for this to be generally available!

  141. Press250 says:

    =====
    For the first days of this trial-program, 2-Factor Authentication will only protect web based logins.
    =====
    Clearly, this is a definition of "first days" that I was previously unfamiliar with. ;-) Six months later and still no 2-Factor authentication in the SO client. So even if I turn on 2-Factor authentication, an intruder need only install the SO client to avoid the added layer of security. Until 2-Factor authenticaiton is enforced on the SO client, this is nothing more than a novelty.

  142. YubikeyFan546 says:

    I was just searching for other online backups like Dropbox and Wuala and I just jumped up when I noticed this supported Yubikey but first, why only Canada/USA and second why only web page? Unles it's enforced for the client (and any devices you choose to add) this will only partially increase security.

  143. Manu says:

    I would love to see an mobile app like Google Authenticator.

  144. AlexMcF says:

    +1 For Google Auth

  145. CodyR. says:

    +1 for Yubikey support. I would become a paid user instantly with Yubikey support.

  146. Peter says:

    +1 for Yubikey

  147. Fábio André Damas says:

    +1 Yubikey would be awesome and since the implementation is painless, I think it's a win win :)

  148. Laura Deitch says:

    Recently I activated two-factor authentication into my Gmail Account. I read about two-factor authentication product of TeleSign that works with any phone and can be deployed worldwide.

    API integration is quick and seamless and no need to purchase any hardware. TeleSign’s solution is fully redundant on all hardware, network, and telecommunications layers.

    Visit http://www.telesign.com/products-demos/two-factor-authentication/ for more details about two-factor authentication product.

  149. Zack says:

    OAUTH

  150. Julian says:

    +1 Google Authenticator! It's readily available on multiple devices. Cheap. Easy. Convenient!

  151. Leila says:

    +1 for Yubikey, especially with mobile as a backup.

  152. Cliff says:

    Google Authenticator. Yubikey cannot be used on most mobile devices. I own one, but when Lastpass offered Google Authenticator, I switched cause it is better.

  153. Alex says:

    +1 for Yubikey

  154. Michael says:

    +1 for Yubikey, that would make me a paying customer right away

  155. Dimitry says:

    +1 for Yubikey
    +1 for Google Authenticator
    +1 for OAuth
    +1 for GrIDsure kind of token
    Give people a choice and they become customers.

  156. fat says:

    Google authenticator

  157. Alex says:

    +1 for Google Authenticator

  158. Nicolas says:

    +1 for Google Authenticator
    +1 for Yubikey

  159. Xan says:

    +1 Yubikey. I really want to find something awesome to use it for.

  160. Christopher says:

    +1 Yubikey

  161. Brad Beckett says:

    Restrict the SMS function to 2 per 24 hours and integrate this open source OTP system that already had clients for every device: motp.sourceforge.net

  162. RM says:

    Google Authenticator

  163. Veridor says:

    Yes, implementing a token like Google Authenticator would be epic win.

  164. Thomas says:

    Google Authenticator Pleeeeaaaase !!!

  165. Casey says:

    +1 for Yubikey!

  166. Niels says:

    +1 for Yubikey!
    +1 for Google Authenticator

  167. Luke says:

    +1 for Yubikey

  168. Roy says:

    +1 for Google Authenticator

  169. Tom says:

    Hello? OATH TOTP (google authenticator) support please!

    People want offline 2-factor, and you insist on paying $.01/SMS to send tokens that can be intercepted (SMS isn't *that* secure)? Why?

  170. Eric says:

    please add google authenticator support.

  171. Tony says:

    I'd really like to be able to create a share with it's own 2 factor authentication. Either I provide the phone number, or you put up a webform for the guest to put in their phone number. I have some sensitive docs that I want to share with my family, but am reluctant to share as it seems the only thing protecting them is an obfuscated URL.

  172. raybf says:

    +1 Google Authenticator

  173. Constantine says:

    +1 for Google Authenticator

  174. Yubiplease says:

    +1 for Yubikey!

  175. Tom says:

    Using a second passphrase for 12 hours breaks your 2-factor model. The second phassphrase is a proxy for the possession of the phone, so if you stretch it past "temporal" then you just end up with a 2 x 1-factor login.

    I applaud the effort but this is a serious flaw. Read NIST 800-63 …

  176. Stephen says:

    +1 for SAML

  177. unixninja92 says:

    +1 for Google Authenticator

  178. Peter says:

    +1 for Europe!

  179. Tom says:

    +1 for Google Authenticator
    +1 for Europe!

  180. Nels says:

    Sweet…I have Yubikeys if you need a guinnea pig. This would be very useful.

  181. Michael says:

    +1 for both Yubikey and Android OATH

  182. Germain says:

    Hooray! Spideroak is the best! :D (Thank you so much for the extra space for .edu accounts!)

  183. Urs says:

    Yubikey + Google authenticator next please

  184. Craig says:

    +1 for Yubikey!

  185. Oscar says:

    +1 for Yubikey, Get it and I am totally in, will pay for it

  186. Bob says:

    +1 for Yubikey!!!

  187. Aaron says:

    +1 Yubikey

  188. Captain K says:

    +1 for Yubikey

  189. William@Oz says:

    Yubikey is a good option. It avoid spideroak from paying for the SMS it sends.

  190. Nice ! says:

    could you please use Google Authenticator (goggle's two-factor auth?)

  191. Dave says:

    +1 RFC 6238 Time-based One-time Password (TOTP) (Same as Google Authenticator)

    When will this be available for International customers?

  192. Colin says:

    We're getting on to a year after this announcement. Any chance of an update on the future of 2-factor authentication?

  193. jamie says:

    Yubikey would be awesome

  194. Nathan T says:

    +1 for Yubikey

  195. Alex says:

    Same as Colin – when's the update on if/when Yubikey etc will be available for International customers?

  196. Ralph says:

    Cant have enough security

  197. Kernel says:

    +1 for Yubikey!!

  198. albatros says:

    +1 for Google Authenticator

  199. Bjarne says:

    As this seams to have turned into a poll I will just drop my

    +1 for Yubikey, as I already have one

  200. 2pac says:

    +1 for yubikey

  201. cagold says:

    +1 Yubikey

  202. Khaal says:

    I'd really like to see this extended to google authenticate. It's the last piece of security I'd like to see implemented here.

  203. Mello says:

    +1 for Yubikey, Already using it for LastPass!

  204. Rick says:

    +1 for Google Auth

  205. Chris says:

    +1 Yubikey

  206. ChrisG says:

    +1 Yubikey! I also am using it for lastpass. Actually found SpiderOak searching for storage and sync that used Yubikey.

  207. alex says:

    +1 for yubikey

  208. Yaazz says:

    ++ Google Authenticator
    + Yubikey

  209. SCMProfessor says:

    +1 Yubikey!

  210. AlohaJerry says:

    Yubikey is great for MANY things, but because of the mobile stuff, I think that something like the Google Authenticator might be a better fit, generating One-Time Use Passwords on your mobile device directly. (saving money of SMS)

  211. Tom says:

    +1 for Yubikey

  212. YubiUser says:

    +1 for Yubikey

  213. Daniel says:

    +1 for Yubikey here

  214. Ian says:

    +1 for Google Authenticator

  215. Michael says:

    +1 for Yubikey
    Just ask Steve Gibson what he thinks of Yubikey :)
    http://www.grc.com/securitynow.htm

  216. John says:

    +1 for Yubikey

  217. jwmelvin says:

    +1 Google Authenticator. Please.

  218. Tom says:

    +1 Google Authenticator. It's the most convenient, it allows me to use lastpass and gmail 2 factor auth in one app.

  219. Steve says:

    +1 Google Authenticator

  220. Martin says:

    +1 Yubikey

  221. zeroXten says:

    yubikey++

  222. Vinny Perella says:

    + Android OATH

  223. adrian says:

    Yes please to android OATH!

  224. Eric says:

    +1 Google Authenticator!

  225. Eric says:

    +1 Google Authenticator!

  226. exatto says:

    +1 Google Authenticator

  227. EB says:

    +1 for Yubikey or Google Authenticator :)

  228. Samson says:

    Seriously, the key to making two-factor authentication a thing is to use open standards. That means anything OATH-compatible: Google Authenticator, Android OATH, etc. . . I'm being totally honest here, the moment you support OATH I'm going to magically turn into a paying customer. I'm already hooked on your service, and would pay if I ended up using the storage space / weren't also using DropBox simultaneously for my non-critical stuff.

  229. Pharme200 says:

    Hello! bbckcga interesting bbckcga site! I'm really like it! Very, very bbckcga good!

  230. Pharmb451 says:

    Very nice site! <a href="http://apxyieo1.com/qyoaat/1.html">cheap viagra</a>

  231. Pharmd699 says:

    Very nice site! [url=http://apxyieo1.com/qyoaat/2.html]cheap cialis[/url]

  232. Pharmd224 says:

    Very nice site! cheap cialis http://apxyieo1.com/qyoaat/4.html

  233. Pharmd369 says:

    Very nice site!

  234. Pharmb857 says:

    Hello! kebdcea interesting kebdcea site! I'm really like it! Very, very kebdcea good!

  235. Pharmk765 says:

    Very nice site! <a href="http://apxyieo1.com/qyoaat/1.html">cheap viagra</a>

  236. Pharmg541 says:

    Very nice site! [url=http://apxyieo1.com/qyoaat/2.html]cheap cialis[/url]

  237. Pharmd392 says:

    Very nice site! cheap cialis http://apxyieo1.com/qyoaat/4.html

  238. Pharme534 says:

    Very nice site!

  239. Jan says:

    The only thing holding me back from upgrading my account is the not yet implemented Yubikey two factor auth.

  240. tzucker says:

    I enabled 2 factor authentication on my account and was locked out until I called customer support. They had to take 2 factor auth off and then I had to go in and change my password. (apparently this implementation of 2 factor auth didn't like special characters in your password)

    Has this been fixed? noone ever got back to me to say.

  241. RNTfuture says:

    When will this be available for International customers?

  242. Matisse says:

    I'm a paid user and I'm definitely interested in either yubikey or google auth. I tried enabling the current system and it seems just too clunky to me. Any news on when we can expect an update of the 2-factor feature?

  243. Tom says:

    Still waiting for google authentication suport!

  244. Gabe says:

    +1 for Yubikey

  245. richard says:

    i was wondering if i could use my Google authenticator

  246. Bart says:

    Another vote for Google Authenticator support — I already use it for Gmail and Dropbox and it's available on every mobile platform. This eliminates dependency on access to SMS.

  247. pjw says:

    Yubikey, please.
    My email provider uses it (FastMail). Usage is simple and convenient, provides excellent security for website access when away from your own computer.

  248. pjw says:

    Google Authenticator is -not- available for all mobile platforms.

  249. MrTux says:

    +1 for Google Authenticator

  250. JP says:

    I think I will cancel my SpiderOak account.. It's almost 2013 and still using silly SMS schemes instead of Google Authenticator or a Yubikey. Come on how can you claim to be security conscious on this site if your dual factor auth is so lame. Makes me wonder how secure this site really is under the covers. Even Lastpass has you guys beat in the number of dual factor options they offer.

  251. Rob Alfieri says:

    Google Authenticator would be good.

  252. lothar says:

    +1 for yubikey.
    it would also be nice to see this while we're young….

  253. Daacs says:

    +1 Google Authenticator

  254. Steve says:

    I vote for yubikey support, this would be a huge plus for me!

  255. Chaim Krause says:

    +1a Yubikey and +1b Google Authenticator

  256. Christopher says:

    +1 Google Authenticator

  257. Tran says:

    +1 Google Authenticator. If you're gonna provide 2-factor authentication support for international users, Google Authenticator will save your company a lot on the phone bill. And not every carrier is reachable with SMSes.

  258. Phil says:

    +1 Google Authenticator

  259. Piper says:

    +1a Yubikey and +1b Google Authenticator

  260. Magnus says:

    Please add OATH and/or Yubikey support promtly! It's the only thing keeping this from being a 5-star security service!

  261. Robert Cross says:

    Would love to see Yubikey support!

  262. Michael S says:

    +1 for Yubikey

  263. josh s says:

    +1 for yubikey

  264. Theo says:

    +1 Yubikey.

  265. Brandon S says:

    Google Authenticator would not incure a per transaction cost and would allow global support. Yubikey is also good but is dependant on yubico as a third party.

  266. Sebastian says:

    +1 Google Authenticator

  267. Kevin says:

    Please, at least you guys need to post something newer here with your current plans or thoughts.

  268. Alex says:

    As a non-USA customer, you guys really need to implement this! For procurement with big customers we are asked about our authentication levels and this causes us (your clients) problems. Just some idea of a roadmap would help!

  269. Kevin says:

    Please add Yubikey and Google Authenticator support!

  270. Alex says:

    I just added a new device to my network and wasn't prompted. Does two factor authentication only work for web logins? If so, what good is it if someone can just download the client and try to login that way?

  271. Ben says:

    +1 Google Authenticator

  272. Jon says:

    +1 Yubikey

  273. Philip says:

    +1 Google Authenticator

  274. Nigel says:

    Still no 2-Factor Authentication for non us users, from a company who's reputation is built on security this is shocking. So is the lack of official response. Time for us users to vote with our feet and move else where.

  275. Pablo says:

    Please provide Google Auth and move it up on your priority list

  276. Daniel -in Britain says:

    Please, please include Google Authenticator as soon as possible.

  277. Richard - Toronto, ON CANADA says:

    +1 Google Authenticator

  278. Justin - UK says:

    Approaching 2 years later, and still no two-factor support for us non-USA customers. I feel rather let down…

  279. Mike in New York says:

    A solid two-factor authentication is the only thing holding me back from a premium paid membership. I would love to see use of the Google Authenticator.

  280. Justin says:

    +1 Google Authenticator

  281. Danny says:

    Google authenticator +1

  282. jimmy says:

    Another vote for yubikey!

  283. notrab says:

    +1 Google Authenticator