Dropbox has announced the addition of USB key authentication as an extra layer of protection for customers of the cloud service.
The introduction of Universal Second Factor (U2F) authentication will provide the ability to store a second layer of security on a dedicated USB device rather than using the traditional six-digit text option.
Unlike SMS or mobile options, U2F authentication does not require a separate battery or network connection to work. Instead, users will need a security key that follows the FIDO U2F standard from the FIDO Alliance.
FIDO was launched in 2012 and produces biometric and two-step authentication systems. The organisation is managed by experts from Microsoft, Google and PayPal.
The key, also used by Google and WordPress, is currently available for dropbox.com only with the Chrome browser, but Dropbox believes that the move will protect against potential phishing and malware attacks.
"Even if you're using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code. They can then use this information to access your account," the company said in a blog post.
Customers signing in from a platform not supported by U2F can still use the standard text message two-step verification or an authentication application.
"Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code or a security key in addition to your password whenever you sign in to Dropbox or link a new computer, phone or tablet," the company said.
Cloud services including Dropbox, Google Drive and Box were recently found to be vulnerable to ‘man in the cloud' hacks, according to research unveiled at the Black Hat security conference.
Researchers at Imperva said that, if hackers gain access to a user's authentication token, a unique log-in file, they can steal data and even inject malware or ransomware into an account.
The move to U2F authentication is not officially a reaction to this research, but the extra layer of protection will come as welcome news to security-conscious Dropbox users.
Microsoft seizes control of phishing sites linked with Russian state hackers
Fitness trackers over-estimate the number of steps their users take, analysis of 67 research reports suggests
Everything we think we know about the imminent Apple iPhone 9, iPhone 11 and iPhone 11 Plus launches
All the latest rumours about Apple iPhone Displays, CPUs, launch dates and even prices
Nvidia brings Turing microarchitecture into the high-end gaming segment