To enhance the security of the users’ accounts, most major cloud services have adopted two-step authentication (or validation) process for logins. The second step is usually entering a second code received on users’ smartphones. But now, Dropbox adds U2F support as a new means of second step authentication factor to enhance the security of its users.
Dropbox explained in a blog post:
“Even if you’re using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code. They can then use this information to access your account.”
Dropbox adds U2F support, which means that now you can use a USB key as a second step authentication factor instead of codes send on your smartphones. After entering the traditional password, users’ need to insert the USB key into the computer and then they can access to their account. Unlike a smartphone, USB stick does not risk running out of battery or pushing the user to reveal his two factors to a hacker via sophisticated phishing.
Dropbox adds U2F support and Rich Mogull, Analyst & CEO of Securosis, said regarding it:
“This is a very good advancement and adds extra security over mobile notifications for two-factor authentication. Basically, you can’t trick a user into typing in credentials. The attacker has to compromise the exact machine the user is on…. But this is a better option in high-security environments and is a good example of where the FIDO standard is headed.”
Users interested in using this new feature will need a security key, following the FIDO Alliance’s Universal 2nd Factor standard. Users can then use that U2F key by setting it up with their Dropbox account.
Dropbox adds U2F support and presently U2F is supported for Dropbox.com using only the Google Chrome browser.