SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Dropbox Enhances Authentication Security With USB Second Factor

Dropbox customers can now protect their accounts by using a USB device as the second factor in the two-step authentication (2FA) process.

Dropbox customers can now protect their accounts by using a USB device as the second factor in the two-step authentication (2FA) process.

2FA can be a highly efficient mechanism for protecting online accounts because it prevents unauthorized access even if the username and password have been compromised. The second authentication factor is usually provided via text messages or a special application, but physical USB security keys are also becoming increasingly popular.

U2F security Key

With the addition of support for Universal 2nd Factor (U2F) security keys, Dropbox wants to enhance security while making it easy for customers to access their 2FA-protected accounts. When logging in to their account, after entering their password, users have to insert the security key into the computer’s USB port instead of typing in a 6-digit code received via SMS or an authentication app.

Dropbox has pointed out that two-step verification systems that rely on one-time passwords can be defeated by attackers who can trick victims into entering both their password and the verification code on a phishing website. Security keys are much more efficient because they use cryptographic communications to ensure that they can only be used on the legitimate Dropbox website.

Users who want to leverage the new feature must acquire a USB device compliant with FIDO U2F and add the security key to their account from the settings menu.

The new security feature currently only works on Google Chrome. Dropbox noted that customers who want to use the feature can continue to log in to their accounts by using the one-time passwords received via SMS or an authentication app when logging in from platforms or devices that don’t support U2F, or if they don’t have the security key on hand.

The U2F keys acquired by users for their Dropbox accounts can also be used for other services, such as Google. The search giant announced the introduction of USB security keys in October 2014.

The Linux Foundation also introduced a similar 2FA authentication feature last year for developers working on the Linux kernel.

Advertisement. Scroll to continue reading.
Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Rethinking Endpoint Hardening for Today’s Attack Landscape
On Demand

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Virtual Event: Cloud & Data Security Summit
July 16, 2025

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.