Security Experts:

Connect with us

Hi, what are you looking for?


Identity & Access

Dropbox Enhances Authentication Security With USB Second Factor

Dropbox customers can now protect their accounts by using a USB device as the second factor in the two-step authentication (2FA) process.

Dropbox customers can now protect their accounts by using a USB device as the second factor in the two-step authentication (2FA) process.

2FA can be a highly efficient mechanism for protecting online accounts because it prevents unauthorized access even if the username and password have been compromised. The second authentication factor is usually provided via text messages or a special application, but physical USB security keys are also becoming increasingly popular.

U2F security Key

With the addition of support for Universal 2nd Factor (U2F) security keys, Dropbox wants to enhance security while making it easy for customers to access their 2FA-protected accounts. When logging in to their account, after entering their password, users have to insert the security key into the computer’s USB port instead of typing in a 6-digit code received via SMS or an authentication app.

Dropbox has pointed out that two-step verification systems that rely on one-time passwords can be defeated by attackers who can trick victims into entering both their password and the verification code on a phishing website. Security keys are much more efficient because they use cryptographic communications to ensure that they can only be used on the legitimate Dropbox website.

Users who want to leverage the new feature must acquire a USB device compliant with FIDO U2F and add the security key to their account from the settings menu.

The new security feature currently only works on Google Chrome. Dropbox noted that customers who want to use the feature can continue to log in to their accounts by using the one-time passwords received via SMS or an authentication app when logging in from platforms or devices that don’t support U2F, or if they don’t have the security key on hand.

The U2F keys acquired by users for their Dropbox accounts can also be used for other services, such as Google. The search giant announced the introduction of USB security keys in October 2014.

The Linux Foundation also introduced a similar 2FA authentication feature last year for developers working on the Linux kernel.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...


Identity and access governance vendor Saviynt has closed a $205 million financing round.

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...