Cloud accounting programs need to tighten the gates.
Convenience and security are two sides of the one coin. The more you have of one the less you have of the other, and when it comes to cloud software the advantage is firmly stacked towards convenience.
Are cloud software companies doing enough to address the security issue? One of the most popular has just decided that the standard username and password is no longer enough.
With more than 50 million users, Dropbox is the most popular cloud storage program for documents, photos and other files. The magic of being able to access your files just by typing your username and password into a browser is one of the great attractions of the cloud.
However, Dropbox has suffered a number of embarrassing security breaches, the most recent only last month when the cloud provider discovered that one of its employees' email accounts had been hacked and user email addresses stolen.
In response Dropbox promised to add two-factor authentication, a security procedure which requires a user to authorise their computer, tablet or smartphone before they can enter their username and password. Today Dropbox released the security service as an option for users that upgraded to the latest version of the desktop software.
Dropbox users who authorise devices with two-factor authentication are sent a code by SMS to their phone, which must be entered within 60 seconds of receiving it.
Even if hackers were to steal passwords and usernames for hundreds of Dropbox users they wouldn’t be able to access accounts protected by two-factor authentication without access to each user’s smartphone as well.
Ultimately all security measures, including two-factor authentication, are fallible in some way. But it's a much stronger defence than the humble and mostly inadequate password. Two-factor authentication has been used in internet banking for some time. You might be familiar with those little digital fob chains that generate codes to be entered alongside customer number and password to access online bank accounts.
The move by Dropbox will be copied by its rivals and will add pressure to cloud accounting programs, which contain commercially sensitive information, to follow suit.
No cloud accounting program sold in Australia – Xero, Saasu or MYOB LiveAccounts – offers two-factor authentication. None of the companies have mentioned it in recent discussions about their roadmaps either.
But for how long will this remain the case? A breach of security for any one of them would be enormously damaging at a time when interest and sales in cloud accounting software are spiking, particularly among accountants obsessed with the integrity and security of their clients' data.
It’s easy to imagine that two-factor authentication will one day be essential to cloud software that deals with sensitive information. With more security and a little less convenience, the cloud players will have a better shot at winning over the conservative majority.