Dropbox introduces USB key verification for two-step login

13 Aug 2015

Dropbox has upped account security in a major way, announcing that Universal 2nd Factor (U2F) security keys are now an accepted form of verification during two-step login.

Dropbox has adopted this new method of verification to provide stronger defence against phishing attacks.

Two-step login has become the norm in recent years as online privacy and security become growing concerns, but companies are now beginning to eschew the standard mobile verification in favour of U2F keys.

While two-step verification using a phone can be effective, it is open to some risk – there is still a chance that a user can be fooled into entering their password and verification code on fake websites, says Dropbox.

The U2F key – a physical key that slots into a device’s USB port – offers an additional layer of protection.

Not only does this method drastically reduce the risk of attackers intercepting your information, Dropbox says the keys will use cryptographic communication to ensure that they only work on the legitimate Dropbox website.

This won’t work with just any old USB key, though. According to Dropbox: “You’ll need a security key that follows an open standard called ‘FIDO Universal 2nd Factor’ from the FIDO Alliance.”

This key will then work with any U2F-enabled services, including Google.

Dropbox will retain normal two-step login processes, and users will still be able to sign into their accounts using text message or authenticator app verification.

Main image, via Shutterstock

Kirsty Tobin was careers editor at Silicon Republic