Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / CIO Issues / Dropbox Intros USB Security Keys
Dropbox Adds USB Keys To Boost Security
Dropbox Adds USB Keys To Boost Security
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
As headlines about corporate hacks and data leaks have continued to dominate technology news sites, companies have moved to offer more security features to worried users and enterprise clients. Today, Dropbox announced that it is introducing support for open standard FIDO Universal Second Factor verification (U2F) to provide better account security to its users.

The cloud storage service has already been offering two-step verification for years, requiring users to provide both their usual usernames and passwords, plus additional security codes sent to their phones. The use of a second factor helps protect users from a variety of methods hackers can use to access passwords.

Safer than SMS

But relying on security codes sent via SMS is not foolproof, either. Dead batteries or lost phones can prevent users from accessing their accounts. The six-digit security code can also be vulnerable to phishing attacks, although it remains a much safer method than single-factor verification alone.

“Some sophisticated attackers can still use fake Dropbox Web sites to lure you into entering your password and verification code,” the company said in a blog post announcing support for U2F. “They can then use this information to access your account.”

U2F, however, allows users to access their accounts by plugging in USB devices that function as account keys. Instead of typing in six-digit codes sent to their cell phones, users will plug their USB drives into the computers they're using to access their accounts. Using a USB device is both more secure than SMS messages, and negates the problem of lost or dead cell phones. Unlike the six-digit security codes, USB keys will only interact with the legitimate Dropbox Web site, preventing users from being lured to spoofed URLs.

Added Security for Businesses

Setting up a security key requires a one-time purchase of a USB key that follows FIDO U2F. Once a user has a security key, it can be enabled for both personal and work Dropbox accounts. It can also be used with any other U2F-enabled service, such as Google apps.

The company has previously been criticized for not providing users with sufficient security protections. Edward Snowden, the former National Security Agency contractor and whistleblower, described Dropbox as “hostile to privacy.” But as the company has expanded its number of business customers, it has sought to introduce additional security features. Last year, it added password protection for link sharing, along with link expiration functionality.

Currently, Dropbox is only supporting U2F on the Chrome browser, so users with other browsers will have to continue using SMS verifications or authentication apps if they want two-factor verification. The security key also cannot be used to sign into the desktop client or the mobile app. Business admins will be able to enforce two-factor verification for all employees accessing corporate Dropbox accounts.

Image credit: Dropbox; iStock/Artist's concept.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.