Two-factor authentication is often held up as a best practice for security in the online world, but Dropbox on Wednesday announced a new feature that’s designed to make it even tougher.
Whereas
two-step verification most commonly involves the user’s phone for the second authentication method, Dropbox’s new U2F support adds a new means of authenticating the user via Universal 2nd Factor (U2F) security keys instead.
What that means is that users can now use a USB key as an additional means to prove who they are.
“This is a very good advancement and adds extra security over mobile notifications for two-factor authentication,” said Rich Mogull, CEO with Securosis.
“Basically, you can’t trick a user into typing in credentials,” Mogull explained. “The attacker has to compromise the exact machine the user is on.”
