Two-factor authentication is a good start, but Dropbox wants to give users an option to avoid pitfalls of software-only...
two-step verification with support for USB security keys.
Dropbox has announced support for universal 2nd factor (U2F) security keys, which it says will make logins faster and security stronger. According to Dropbox, sophisticated attackers can create phishing schemes that lure users into entering both a password and verification code, but the use of a U2F security key will avoid that risk.
When logging into Dropbox, instead of entering a six-digit code, users will be prompted to insert the key into a USB port. The keys will have additional cryptographic communication to ensure that it can only be used when signing in at the verified Dropbox Web site.
Dropbox will support security keys that use the FIDO U2F open standard, which is the same standard Google uses for its two-factor USB key support. The limitation is that U2F support through dropbox.com is only supported in the Google Chrome browser right now.
Why Fast Identity Online Alliance backs multi-factor authentication
Learn more about FIDO Alliance authentication certification standards
Find out why two-step verification and two-factor authentication are synonymous