Dropbox has announced the addition of USB key authentication as an extra layer of protection for customers of the cloud service.
The introduction of Universal Second Factor (U2F) authentication will provide the ability to store a second layer of security on a dedicated USB device rather than using the traditional six-digit text option.
Unlike SMS or mobile options, U2F authentication does not require a separate battery or network connection to work. Instead, users will need a security key that follows the FIDO U2F standard from the FIDO Alliance.
FIDO was launched in 2012 and produces biometric and two-step authentication systems. The organisation is managed by experts from Microsoft, Google and PayPal.
The key, also used by Google and WordPress, is currently available for dropbox.com only with the Chrome browser, but Dropbox believes that the move will protect against potential phishing and malware attacks.
"Even if you're using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code. They can then use this information to access your account," the company said in a blog post.
Customers signing in from a platform not supported by U2F can still use the standard text message two-step verification or an authentication application.
"Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code or a security key in addition to your password whenever you sign in to Dropbox or link a new computer, phone or tablet," the company said.
Cloud services including Dropbox, Google Drive and Box were recently found to be vulnerable to 'man in the cloud' hacks, according to research unveiled at the Black Hat security conference.
Researchers at Imperva said that, if hackers gain access to a user's authentication token, a unique log-in file, they can steal data and even inject malware or ransomware into an account.
The move to U2F authentication is not officially a reaction to this research, but the extra layer of protection will come as welcome news to security-conscious Dropbox users.