Spartak - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Dropbox adds support for U2F security keys

Dropbox announced it is strengthening login options with support for universal 2nd factor (U2F) security keys with the aim of making two-step verification faster and easier.

Two-factor authentication is a good start, but Dropbox wants to give users an option to avoid pitfalls of software-only two-step verification with support for USB security keys.

Dropbox has announced support for universal 2nd factor (U2F) security keys, which it says will make logins faster and security stronger. According to Dropbox, sophisticated attackers can create phishing schemes that lure users into entering both a password and verification code, but the use of a U2F security key will avoid that risk.

When logging into Dropbox, instead of entering a six-digit code, users will be prompted to insert the key into a USB port. The keys will have additional cryptographic communication to ensure that it can only be used when signing in at the verified Dropbox Web site.

Dropbox will support security keys that use the FIDO U2F open standard, which is the same standard Google uses for its two-factor USB key support. The limitation is that U2F support through is only supported in the Google Chrome browser right now.

Next Steps

Why Fast Identity Online Alliance backs multi-factor authentication

Learn more about FIDO Alliance authentication certification standards

Find out why two-step verification and two-factor authentication are synonymous


Dig Deeper on Web application and API security best practices

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Does your organization allow use of Dropbox? If not, would U2F security key support change your stance?
We do not encourage the use of DropBox, although I suspect that some people use it as a form of shadow IT. At this point we have been using Box long enough that, barring significant issues, it is not feasible to move everything to another system and retrain the organization.
Mostly yes, but "allowed" or not, Dropbox is being used. We've tried to limit any sensitive materials, but after several years of use there have been no problems. So adoption has become more extensive. Better security would certainly move things along even faster.