Dropbox has updated its security features, adding in a two-step verification option that utilizes a USB key rather than a six-digit passcode. There are a few benefits to this, one of which is being able to access the account even if you don’t have your phone or its battery is dead. This also eliminates the issue of phishing, as code-based two-step authentication would still be a liability if someone with the right credentials fell for a phishing scheme.
Dropbox announced today that it now supports U2F security authentication in addition to its previously available two-step verification feature. With this, users will sign in to their two-step verification-enabled cloud account by first entering their password, then inserting their USB security key.
The security key is done in substitution of the typical six-digit code that would be sent to the user’s phone, and is a better security option. While some nefarious person could manage to steal the password and verification code using phishing techniques or some other method, it is much harder to get ahold of a physical USB key.
Says Dropbox, you can use this with a security key that uses the “FIDO universal 2nd factor” (U2F) open standard from the FIDO Alliance. If you have this, just set it up with the Dropbox account via the Security tab under which you’ll find an “Add” option. You’ll also need to be using Chrome browser. Full details can be found here.