Bumping up the level of security for its users, Dropbox has announced U2F or Universal 2nd Factor security keys that would offer “stronger authentication protection.” The new physical security keys are USB devices that work as an additional method for two-step verification process.
Dropbox users would have to type their password while signing in the Dropbox account and then insert their key in to the USB port when prompted. This step replaces the typing of six-digit code by users. “And unlike two-step with a phone, you’ll never have to worry about your battery going dead when you use a security key,” added the company blog post. “By using cryptographic communication, they will only work when you’re signing in to the legitimate Dropbox website.”
The new security feature would require a FIDO (Fast IDentity Online) U2F-compatible USB key, which can also be used with other U2F-enabled services, such as Google services. Also added is that the new login feature for now is only available via the Chrome browser. If in case the users do not have the key handy, they would still have the option to use two-step verification process using text messages or an authenticator app.
The introduction of this new security feature is likely to be welcomed by heavy Dropbox users and those who store sensitive information on the cloud service, which already has more than 400 million registered users
For those unaware, FIDO Alliance is an open industry consortium with the list of members implemented its standards, e.g like Nok Nok Labs, Synaptics, Alibaba, PayPal, Samsung, Google, Yubico and PlugUp.
Google rolled out USB key authentication in the form of a Security Key back in October last year, and allowed Chrome browser users to authenticate themselves when signing into a Google account. Samsung and PayPal were both early FIDO members, and their FIDO standard implementation had resulted in the Samsung’s fingerprint reader allowing direct login to the native PayPal app.
In December last year, the FIDO Alliance published the final 1.0 draft of online security standards to make “make authentication simpler and stronger for all.”