Dropbox adds USB two-factor authentication to beef up security

News by Rene Millman

Cloud storage gets dongle protection from phishers

Dropbox has introduced universal second factor (U2F) security keys as a back-up security measure together with two-factor authentication.

The cloud storage firm said that while TFA provides a lot of protection, a U2F key would make it harder for cyber-criminals to access accounts and also safeguard against phishing attacks.

"Even if you're using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code," Patrick Heim, head of trust & security at Dropbox wrote in a blog post. "They can then use this information to access your account."

As U2F keys use cryptographic communication, they will only work if a user is signed into the legitimate Dropbox website.

"Security keys are an easy way to use two-step verification when signing in to dropbox.com," Heim added. "After typing in your password, just insert your key into a USB port when you're prompted, instead of typing in a six-digit code. And unlike two-step with a phone, you'll never have to worry about your battery going dead when you use a security key."

To use the new security measure, a user will need a security key that follows an open standard called “FIDO Universal 2nd Factor (U2F)” from the FIDO Alliance. This U2F key can then be set up with your Dropbox account and any other U2F-enabled services, such as Google.

At present the security measure will only work when accessing Dropbox through the Chrome browser, using an alternative browser will have to make do with standard two-factor authentication for the time being.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews