USB Keys Used to Bolster Dropbox Security
In light of ongoing cyber threats, a number of companies are taking drastic measures to keep confidential information safe. For instance Dropbox has added support support for USB-based keys, thereby creating better security. With this, gaining access to an account will be extremely difficult.
Known as Universal 2nd Factor or U2F, these security keys work as an additional option for two-factor authentication. In other words, instead of receiving a code via smartphone, an individual would insert a key using the USB port on the phone once the Dropbox password is entered.
A company spokesperson stated that when using the security key, consumers never have to worry about the battery on the phone going dead, unlike other systems. This two-factor authentication actually rolled out three years ago after Dropbox was hit with a major spam attach in which passwords were stolen but it is now becoming more popular due to increased security threats.
By using the two-step USB keys, individuals are provided a second layer of protection. The security consists of a six-digit code sent to the mobile phone once the standard password is entered. That way, if a person’s password were ever stolen, the account could not be hacked. Simply put, without the secondary code hackers cannot gain account access. The only way an account can be breached is if a hacker had physical control of the phone or knew the six-digit code.
The company spokesperson also explained that security keys actually offer a better defense against attacks, especially credential like phishing. The company reminds consumers that even when using the initial password along with two-step verification, many hackers are extremely sophisticated and convincing.
Part of their ploy is to use different methods for luring people into providing information for both security measures, which gives hackers access to accounts. For this reason, it is essential to be cautious and at no time provide a password and/or the two-step verification code to anyone who asks. If an individual feels pressured to give or enter this information, Dropbox should first be contacted for verification.
Remember, this is the very type of attack that a two-step verification process is designed to prevent. Even if a person is lured to what appears to be the legitimate Dropbox website, this information should never be provided or entered.
The Universal 2nd Factor security key comes from Fido Alliance. Once the code is received, the person would go to the Security tab within Dropbox account settings. From there, “Add” near the Security keys would be clicked on.
Currently, U2F only works for Dropbox.com through the Chrome browser. However, when signing into Dropbox from a mobile device or platform that offers no support, two-step verification can still be used through an authenticator app or text message. After the program has been enabled, both personal and business Dropbox accounts can be utilized, along with any other service that supports U2F.