14 DAY TRIAL // Dropbox, the world's most used cloud-based file-sharing and syncing service, has just added a new feature to strengthen its security system.
Users who would like an extra layer of security for their accounts are now free to enable two-step verification using U2F (Universal 2nd Factor) security keys.
This adds an extra step in the authentication procedures, which, besides a username (email address in Dropbox's case) and a password, will also require an additional security key.
Google was the first to have USB-based security keys
Google was one of the first major companies to add U2F security keys last year, allowing users to create a USB stick under the FIDO specs, which would contain security keys with anti-tampering protection.
When this USB stick was plugged in the user's device, it allowed them to verify a Google login attempt using the USB's security key, which was compared to one stored in their account's settings.
The same process can now be carried out with Dropbox accounts, the company announcing this feature for both free and enterprise users.
It works only via Google Chrome
Currently, the U2F procedure is supported only for the dropbox.com website when accessed using Google Chrome.
Users are free to create their own security keys wherever they want, and once done, they can add them to their Dropbox profile via the service's "Security" tab on its Web portal.
While most companies have two-step verification systems that involve sending an SMS to the user's phone containing a simple code of various lengths, U2F security keys are considered to be much safer, since they cannot be spoofed by malicious actors, and the only way to break them is to get in physical possession of the USB stick itself.