Menu
Dropbox adds U2F support for better security

Dropbox adds U2F support for better security

It's a better option for high-security environments, one analyst says

The FIDO Universal 2nd Factor (U2F) standard.

The FIDO Universal 2nd Factor (U2F) standard.

Two-factor authentication is often held up as a best practice for security in the online world, but Dropbox on Wednesday announced a new feature that's designed to make it even tougher.

Whereas two-step verification most commonly involves the user's phone for the second authentication method, Dropbox's new U2F support adds a new means of authenticating the user via Universal 2nd Factor (U2F) security keys instead.

What that means is that users can now use a USB key as an additional means to prove who they are.

"This is a very good advancement and adds extra security over mobile notifications for two-factor authentication," said Rich Mogull, CEO with Securosis.

"Basically, you can't trick a user into typing in credentials," Mogull explained. "The attacker has to compromise the exact machine the user is on."

For most users, phone-based, two-factor authentication is "totally fine," he said. "But this is a better option in high-security environments and is a good example of where the FIDO standard is headed."

Security keys provide stronger defense against credential-theft attacks like phishing, Dropbox said.

"Even if you're using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code," the company explained in a blog post. "They can then use this information to access your account."

Security keys, on the other hand, use cryptographic communication and will only work when the user is signing in to the legitimate Dropbox website.

Dropbox users who want to use the new feature will need a security key that follows the FIDO Alliance's Universal 2nd Factor (U2F) standard. That U2F key can then be set up with the user's Dropbox account along with any other U2F-enabled services, such as Google.

Currently, U2F is supported for Dropbox.com using only the Chrome browser. Once set up, users simply insert their key into a USB port when prompted after typing in their password.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securitycloud computingdocument managementinternetcollaborationsoftwareapplicationsdropboxAccess control and authentication

Featured

Slideshows

Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.‚Äč

Tech industry comes together as Lexel celebrates turning 30
Show Comments