What is the best online backup service that supports two-factor authentication?

[+Warwagon MVC]

I'm currently looking to dump Carbonite because they STILL do not support two factor authentication. I'm really surprised upon looking online how few services support it. Seeing how online backup services are the place that store the most important data you would think they would have accounts locked down a lot better.

 

So what I've found so far is that Crashplan on the enterprise side has two-factor authentication but not on the individual side. 

 

I tried Backblaze but I disliked how their software worked, gave you very little control.

 

So i'm wondering if anyone knows of an online backup service that I haven't come across yet that supports two factor authentication.

[+Warwagon MVC]

Thanks Budman, It's for backup and it is kind of nice to access them on my phone too and computers when i'm away from the home. Plus, I get 5 installs of office too.

[xendrome]

I would have choose Dropbox over one drive any day.

[+BudMan MVC]

If its for "backup" why would you want/need access to the files on your phone?  You would have access to the original files with your phone, etc.  People confuse backup and storage if you ask me..  I don't need access to my backup instantly, you have access to your original files instantly and sure where you store them or how you have setup access you could get to those files from any where from any device.

 

But that is not your backup   Do you need instant access to your files with your phone that you have in your safety deposit box?

 

As to the two factor.. I personally don't see the need for "HOME" files...   What would you be backing up that would require two factor, as stated if your worried about someone watching your kids birthday party movie, or your pictures from your trip to paris then encrypt them..  Needing MFA to access your backup just seems pointless... And just one more hoop your jumping through to get to your own freaking data..

[+Warwagon MVC]

6 minutes ago, BudMan said:

If its for "backup" why would you want/need access to the files on your phone?  You would have access to the original files with your phone, etc.  People confuse backup and storage if you ask me..  I don't need access to my backup instantly, you have access to your original files instantly and sure where you store them or how you have setup access you could get to those files from any where from any device.

 

But that is not your backup   Do you need instant access to your files with your phone that you have in your safety deposit box?

True. Well, it's an storage of my files office site, Plus I can access the remotely. Don't use it all the time, but sometimes I want a file.

[+BudMan MVC]

If you wanting storage for files with MFA sure ok, but the title of the thread says backup... There is a big difference in both personal and professional opinion is all I am saying..

 

In my opinion I really don't see need for MFA in backup, the access to such files that if your storing them in the cloud for business for sure should be encrypted. Access to such files would be very restricted anyway since you would have to have the keys to decrypt.. MFA does not protect you from someone that has access to the files, or hacks their way into the where the files are stored..  It just prevents say Susan at work from accessing Billy's files because Susan happens to know or can guess Billy's username and password..

 

Someone that is hacking say the datacenter where the files are stored, or works for the company that stores the files, or say some gov entity that has been granted access has already bypassed the username/password requirement and the MFA has also become completely moot..  Now the only thing that keeps them from your files is the encryption..

 

Access to backup files really shouldn't have a easy access method..  There is no web access into glacier for example..  Shoot it can take 4 hours to even pull an inventory of the files stored.. So what is the point of the MFA??  So are you saying your backups are not encrypted?

 

Now lets say you store work or even personal files in the cloud that need access by multiple people, encrypting such files provides what?  What is the info in the files?  Is it payroll information?  Why are they accessing those from anywhere but your place of work or via a vpn..  But the encryption of the files just now means that anyone accessing such files needs a way to decrypt them..  So unless your storing these files on an anonymous ftp server somewhere you already have MFA - the creds to access them, and then the creds to decrypt them.. 

 

As with any form of security you place on access to anything, you need to justify the extra overhead in accessing your data, who would have access to the data and what is in the data to justify the extra overhead in getting to them..  Quite often it seems extra hoops are added for no valid reasoning other than some misconception that is added security..  First question you should be asking is that added security actually doing anything, and is the data being stored worth that extra effort/cost/time?

 

If your files are encrypted you already have MFA, if they are not encrypted why are they in the cloud?  If the reason they are in the cloud is for easy access from multiple locations by multiple people they must not be very important so is not just username and password enough.. is the extra hoop of MFA really needed?

 

Where I can see MFA being required is access to such thing like email system or bank or storage of your passwords.  This data while more than likely encrypted on the backend so if someone came in the backdoor like hacking the datacenter this info is encrypted.  If they come in the easy access front door which is the whole point to the system with a username and password they can pretend to be you, and use your email for their own use like recovery of other sites usernames and passwords.  If your bank - shoot they could transfer your money anywhere, etc..  So in this case since the front door is real time access to impersonation of you, or access to data that warrants the extra security like passwords then sure lock that stuff down and require a few hoops to jump through.

 

If you access your email from weird places and have a password you easy type, sure some sort of MFA might be warranted.. I only access email from my devices and the password is so long and complicated I don't even know what it is and have to use my password manager to access.. Now my password manager, you can not access from any country other than the US anyway.  If your not coming from one of MY devices then you would need the 2nd factor.  As to the bank, same thing its a really complex password and if not accessed from one of my devices you have to run through multifactor..   If one of my devices were lost, first thing that would be done would be change all my passwords and lock out those devices on the services that allow that, etc.  And then even if they had one of my devices - shoot fbi had a freaking hard time getting into phone..

 

I can see with a system like work email where MFA being accessed from anywhere other than say work, or work devices through vpn than sure some sort of OTP or hoop sort of MFA should most likely be used because users tend to use very easy passwords that barely meet the password requirements.. P@ssword1 normally meets corporate password complexity standards for example

 

I am all for security, but extra hoops to access my own data that is would be of zero worth to anyone other than me, no thanks.

[James035]

I have been using sugarsync for a long time its service is pretty good, but one thing I always face is that is takes time to sync.

[Somnus]

If you were to encrypt your data before sending, what's a good one for Windows 10?

[+Warwagon MVC]

3 minutes ago, Somnus said:

If you were to encrypt your data before sending, what's a good one for Windows 10?

Well I use syncback Pro which also gives the option to compress stuff into password protected zip files. I bought the pro version for the option of having it email me if backups fail.

[StrikedOut]

Take a look at Atix5, http://www.attix5.com. I use it for my companies backup and it works well for us.

[+Warwagon MVC]

3 hours ago, StrikedOut said:

Take a look at Atix5, http://www.attix5.com. I use it for my companies backup and it works well for us.

Any site that says request price I say no thank you.

[StrikedOut]

24 minutes ago, warwagon said:

Any site that says request price I say no thank you.

Why? Often there are a large variation of the application that you can buy. In this case there are a variety of plug ins depending upon the backup being done. Then there are additions that you may or may not want, again a little choice but with so many combinations can make the purchase process a little confusing to some.

 

So although I do agree with your statement for the majority of sites, this statement is a put off, it does depend upon what you are trying to buy and achieve.

[+Warwagon MVC]

50 minutes ago, StrikedOut said:

Why? Often there are a large variation of the application that you can buy. In this case there are a variety of plug ins depending upon the backup being done. Then there are additions that you may or may not want, again a little choice but with so many combinations can make the purchase process a little confusing to some.

 

So although I do agree with your statement for the majority of sites, this statement is a put off, it does depend upon what you are trying to buy and achieve.

It also means that when you do get the quote it's going to insanely expensive.

[StrikedOut]

41 minutes ago, warwagon said:

It also means that when you do get the quote it's going to insanely expensive.

We only pay £7 per server per month for data backup. The storage solution is a little costly £0.40 per Gb but this is with our DC provider and also includes mirror of our back up to an alternative DC.

[+Warwagon MVC]

So I just checked and Carbonite now offers two-factor... it's via SMS and not via something like Google Authenticator but it's something. But come to find out after turning on two-factor I was prompted for a code when logging in from a web browser BUT when logging in via the Android app it bypasses two-factor completely. Requiring only the email address and password.