Security on cloud-based storage solutions is becoming increasingly important as more files are saved in them. They obviously have many advantages, such as having access to those files from many devices and across many platforms. Editing documents in collaboration with many users is also a feature that is gaining popularity recently, and it is possible thanks to these kinds of services. Dropbox is one of the most popular services for storing all sorts of files in the cloud and since they are also popular with its business solutions, they take security very seriously. Now, to add an extra layer of security, Dropbox have announced that they are introducing Universal 2nd Factor (U2F) security keys.
Even though Dropbox already offered two-factor authentication, these keys have the benefit of not running on batteries, so unlike a smartphone or tablet, users will be able to have this enhanced security method at all times, without worrying about the battery level when trying to input the six-digit code. Additionally, these keys offer better protection against phishing, as some attackers could create fake Dropbox websites that make users input their password and even the two-step verification code to steal their credentials and their files. The keys use cryptographic communication, so they are designed to work only with legitimate Dropbox sites.
What you need for the enhanced security to work is to get a security key that’s supported by the FIDO Universal 2nd Factor standard, which can be set up with Dropbox or any other account or service that supports U2F. Setting it up is really easy, all you have to do is go to the Security tab in the Dropbox account Settings and click on Add next to Security Keys. Right now, only the Chrome browser supports U2F, but the company is keeping the regular two-step verification method which works with a text message or an authenticator app, in case there are no USB ports available or if the user wants to use some other platform. Recent reports have suggested the company might add some extra space for free and to make their users more aware about security, but that’s still not happened yet.