Dropbox Adds Support For U2F Security Keys

In an effort to adopt a greater variety of strong authentication protocols into its system, Dropbox today announced via blog post that the company will now support Universal 2nd Factor (U2F) security keys as a valid 2-factor authentication method.

“This is a very good advancement and adds extra security over mobile notifications for two-factor authentication”, said Rich Mogull, CEO with Securosis.

The aim is to foil the chance that especially clever phishers could lure Dropbox users to enter both their username and passwords, and two factor keys by nixing the need to type in the digits.

Of course, the downside is you can lose your key.

They also provided greater protection against theft attacks like phishing, they’re designed to protect against such attacks since cryptographic communication ensures that it only works when the user is signing into the legitimate Dropbox website.

Anxious about the security of your Dropbox files, even if you use two-step verification?

Once you get the USB key, you can go to the Security tab in Dropbox account settings and click Add next to Security Keys.

You’ll need to grab a USB security key for about $20 that conforms to the FIDO Alliance standards for these devices. That U2F key can then be set up with the user’s Dropbox account along with any other U2F-enabled services, such as Google.

Currently, U2F is only supported for dropbox.com using the Chrome web browser.