Dropbox has finally introduced a long due security upgrade to its two-factor authentication. The company today announced in a blog post that its enabling USB security keys to the login process, which allows users to accompany traditional passwords with a dongle, instead of the usual six-digit code sent via SMS. This significantly bolsters the overall security as keys cannot be intercepted by attackers by conventional means, as opposed to SMS codes.
The use of a USB stored verification process is a good step to preserve users’ privacy, says the company, as it negates the possibility of anonymous usage by making sure that a user is physically present. Users will need a key that meets FIDO’s Universal 2nd Factor (U2F) standard, and will also work with security keys from Google or any other U2F capable service.
Dropbox explained in a blog that security keys are an ‘easy way’ to use the two-step verification process when signing in for Dropbox. After punching in their passwords, users just need to plug in their USB keys when prompted, rather than typing the six-digit code.
Moreover, users won’t have to worry about battery issues when using a security key, unlike the two-step process with a phone. Once they have their key, they’ll need to go the security tab in their Dropbox account settings and then click ‘Add’ which is right next to Security keys. For now, U2F is only supported for Dropbox.com on the Chrome browser, said the company.
Meanwhile, users will still have the option to use the two-step verification through text message or an authenticator app.
Dropbox CEO Drew Houston has been rather impressed with FIDO’s work to protect passwords. Back in July at a security conference in London he said that passwords have become rather obsolete, and there is a better way. He said that passwords can be attributed to one of the weakest links in a security, which eventually makes other measures worthless.
Meanwhile, the company’s head of security Patrick Helm also said that he is a huge fan of FIDO U2F, adding that the two have now joined hands to integrate U2F and FIDO keys with Dropbox. He did not mention a specific launch date, but did say the project is now going full throttle.
Yubico, one of the largest producer of such keys that are available for $18, believes U2F is an emerging technology. It keys have a much more compact form factor as opposed to a standard USB drive.