This article is more than 1 year old
Dropbox adds USB two factor authentication for paranoid Chrome users
Advanced phishers leave with still baited hooks.
Dropbox has added dongle-driven two factor authentication to its cloud sharing services for more highly risk-averse users in a bid to foil phishing attempts.
The USB authentication dongle will replace the need to manually enter a six digit code sent over insecure SMS or generated by authenticator apps.
Punters will need a U2F-certified USB key designed by Google and Yubico especially for two factor authentication.
"Security keys provide stronger defense against credential theft attacks like phishing," Dropbox security bods Patrick Heim and Jay Patel say.
"Even if you’re using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code.
"They can then use this information to access your account."
The aim is to foil the chance that especially clever phishers could lure Dropbox users to enter both their username and passwords, and two factor keys by nixing the need to type in the digits.
U2F flow.
Users' U2F USBs can be activated by plugging in the device and following a setup wizard within Dropbox's security 'add a key' options.
The key only works for Google Chrome users at present. Firefox fans and Internet Explorer holdouts can still login using their existing two factor options. ®
Biting the hand that feeds IT
