Dropbox has offered another method for two-factor authentication. Now, users have the option to use a USB key to verify their identity when accessing Dropbox.
Dropbox already provides two-factor verification, with an optional six-digit security key available to those who want a bit more protection than what a single password provides. Instead of using the six-digit key, Dropbox users can convert a secure USB drive into a hardware key.
Users can simply insert their USB keys into their computers and enter their passwords to access their accounts, shared or personal, instead of typing in the six-digit keys whenever they want to access content stored in Dropbox's cloud.
Along with easing access to Dropbox, support for Universal 2nd Factor (U2F) USB keys assures users they are attempting to access a legitimate Dropbox site.
"Security keys provide stronger defense against credential theft attacks like phishing," said Dropbox. "Even if you're using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code. They can then use this information to access your account."
To set up a hardware key for Dropbox access, users will need to purchase a USB stick that is compliant with the standards set by the FIDO (Fast Identity Online) Alliance. The secure USB stick can also be used as a hardware key for other apps and services.
Dropbox is currently only supporting U2F USB keys on Google Chrome browsers. Chrome is the only browser that supports U2F. Also, the feature isn't supported on mobile devices, which is primarily due to Dropbox restricting U2F support to USB sticks.
If a hardware key is lost, users can fall back on the previous method of two-step verification. Dropbox will text the six-digit key to users, or authorized users can use an authenticator app.
"Making sure only you can access your account is an important part of keeping Dropbox safe," Dropbox said.