More websites should ask customers to confirm their identification by using one-off security codes sent by text messages, rather than by only entering a username and password.
Andy Kemshall of security firm Securenvoy warned that a study of security professionals found 42 per cent believe "the average kid could crack most end users' passwords."
He said the second-factor authentication process of confirming a transaction or a person's identity using a code sent via text message is a simpler version of the system many online banks have tried, which uses a card reader.
"Even if a hacker has found out your password, they won't have your phone. If your phone is stolen, the criminal is unlikely to know your password."
Cloud storage service Dropbox has recently introduced a two-stage sign-in process for its online storage service.
Following a security breach in which passwords were stolen, Dropbox now sends a six-digit code via text message to a mobile phone, which is entered after the username and password.
The system will also work through apps for iPad and iPhone, Blackberry, Windows Phone 7 and Android devices.
However, Oren Kedem, at security firm Trusteer, disagrees that two-factor authentication using SMS is inherently safe.
"SMS authentication is insecure as there are multiple ways it could be compromised. Some malicious software can hide, read and generate texts on mobile devices," he warned.
Rik Ferguson of Trend Micro also agreed with two-factor authentication sent by text being used for online banking.
"The question is not only about verifying the person initially making the transaction but is the transaction itself valid?
"For example, you could be sending £50 to your son's bank account online using the code, but if you had malware that allowed a man-in-the-middle attack, the hacker could change that from £50 to £500 and direct the money to a different account. It's OK for sites such as Dropbox but it's not fail-safe.
"It should certainly never be used for online banking because we have seen so much mobile malware used to bypass this form of security," he said.