Dropbox boosts security cred with new USB login key

Security made twice as nice.


Eric Geller


Published Aug 13, 2015   Updated May 28, 2021, 4:16 am CDT

Dropbox has a new way to keep your files extra secure. 

The cloud-hosting company announced on its blog Wednesday that users can now log in with a hardware security key, giving users a new way to set up the much-touted “two-factor authentication” that security experts say is essential for modern Web services.

Specifically, Dropbox is adding support for security keys that use the common U2F (universal two factor) standard, letting people use those instead of a code-generating app on their smartphones

“After typing in your password, just insert your key into a USB port when you’re prompted, instead of typing in a six-digit code,” Dropbox explained. “And unlike two-step with a phone, you’ll never have to worry about your battery going dead when you use a security key.”

Security keys are already common in many corporate environments, where they are known as “key fobs.” RSA Security, the leading provider of security keys or “tokens,” makes devices for major commercial banks, government agencies, and defense contractors.

Mainstream consumers, meanwhile, barely use two-factor authentication at all, and if they do, they use code-generating apps like Google Authenticator. Dropbox’s new support for security keys could be an attempt to appear more business-friendly, or it could simply be a forward-looking move in anticipation of consumers buying keyfobs for their more-secure future.

One of the most popular security keys, made by Yubico, costs $18 on Amazon.

Dropbox users who forget their U2F key or try to sign in from a mobile app can still use a code-generating app or get a code sent in a text message.

Photo via Ian Lamont/Flickr (CC BY 2.0)

Share this article
*First Published: Aug 13, 2015, 12:38 pm CDT