Title: Padlock Your Dropbox with USB Two Factor Authentication

Beef up your security


Dropbox is making it more difficult for the bad guys to infiltrate your online storage account, provided you take advantage of the service's new support for USB-based two-factor authentication.

Effective immediately, Dropbox supports Universal 2nd Factor (U2F) security keys as an additional method for two-step verification, albeit only if you're using Google's Chrome browser. This allows you to use a USB key to help prove your identity.

If you're not signing in from a Chrome browser, you can still use Dropbox's two-step verification via a text message sent to your phone or an authenticator app, support for which was added to the cloud service back in 2012. However, Dropbox says you'll be better off if you take advantage of U2F support.

"Security keys provide stronger defense against credential theft attacks like phishing. Even if you’re using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code. They can then use this information to access your account," Dropbox explained in a blog post.

To use U2F, you'll need a security key that follows the FIDO U2F standard from the FIDO Alliance. Once you have that, select the Security tab in your Dropbox account and click Add next to Security keys.

From then on, when logging into your Dropbox account, you'll type in your password as normal, then plug your key into a USB port on your PC.

More than Peace of Mind?

This is a nice move by Dropbox, but since it's only supported in Chrome, it's also of limited value. Keep in mind that two-factor authentication still works when you don't have your USB key handy, and that's true of hackers, too. So, what's the use?

As Dropbox points out, using U2F rather than punching in a code sent to your phone can protect you from sophisticated phishing attempts. And that's really the main benefit here -- with U2F, you can be sure that you're unlocking the correct door.
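Why the key can tell the correct door from a fake one, as an added example that is not from the original article or from Dropbox's code: a toy model in which the browser binds the requesting origin into what the key signs, next to a typed code that carries no origin. HMAC stands in for the ECDSA signature a real U2F key produces, the appId is assumed to equal the site origin, and the origins and the six-digit code are constructed.

```python
import hashlib, hmac, json, os

APP_ID = "https://www.dropbox.com"        # assumed origin of the real site
PHISH = "https://dropbox-login.example"   # constructed look-alike origin

def sha256(data):
    return hashlib.sha256(data).digest()

class ToyKey:
    """Toy security key. HMAC stands in for the ECDSA P-256 signature of a real token."""
    def __init__(self):
        self.secret = os.urandom(32)
        self.counter = 0

    def sign(self, app_param, challenge_param):
        self.counter += 1
        msg = app_param + b"\x01" + self.counter.to_bytes(4, "big") + challenge_param
        return self.counter, hmac.new(self.secret, msg, hashlib.sha256).digest()

def browser_sign(key, origin, challenge):
    """The browser, not the web page, records which origin asked for the signature."""
    client_data = json.dumps({"typ": "navigator.id.getAssertion",
                              "challenge": challenge, "origin": origin}).encode()
    counter, sig = key.sign(sha256(origin.encode()), sha256(client_data))
    return client_data, counter, sig

def server_verify(secret, challenge, client_data, counter, sig):
    """Accept only a signature made for our origin and our fresh challenge."""
    seen = json.loads(client_data)
    if seen["origin"] != APP_ID or seen["challenge"] != challenge:
        return False
    msg = sha256(APP_ID.encode()) + b"\x01" + counter.to_bytes(4, "big") + sha256(client_data)
    return hmac.compare_digest(sig, hmac.new(secret, msg, hashlib.sha256).digest())

def server_verify_code(expected, submitted):
    """A typed code carries no origin, so the server cannot tell who collected it."""
    return hmac.compare_digest(expected, submitted)

def demo():
    key, challenge = ToyKey(), os.urandom(16).hex()
    direct = server_verify(key.secret, challenge, *browser_sign(key, APP_ID, challenge))
    relayed = server_verify(key.secret, challenge, *browser_sign(key, PHISH, challenge))
    code_relayed = server_verify_code("492817", "492817")  # constructed code, typed on the fake page
    return direct, relayed, code_relayed

if __name__ == "__main__":
    print(demo())
```

The signature obtained through the look-alike origin is rejected even if its recorded origin is rewritten afterwards, because the origin hash is part of the signed message; a real server would also check that the counter increases.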

That said, Dropbox isn't without its weaknesses. While your data is encrypted, it's not client-side end-to-end encryption. In other words, Dropbox owns the keys to decrypt your data, which leaves it susceptible to disgruntled employees, government seizures, and hackers.

None of this makes Dropbox a bad service; just understand that even if you use U2F, there are still ways for your private data to be exposed.

Follow Paul on Google+, Twitter, and Facebook



From maximumpc

from http://bit.ly/1IOG6fg
