ONE-TIME EDWARD SNOWDEN PRIVACY SYSTEM OF CHOICE Dropbox is looking to tighten up security through the adoption of Universal Second Factor (U2F) security keys as a two-step verification option.
Two-step, said the firm, allows for much stronger user account protection, and the use of a password and a USB-stored verification system is a good stride in the direction of privacy.
Dropbox has not always been associated with privacy, and Edward Snowden has been very vocal about the firm and its practices. However at the start of the summer rights group the Electronic Frontier Foundation gave the firm a very good report.
"Security keys are an easy way to use two-step verification when signing in to dropbox.com. After typing in your password, just insert your key into a USB port when you're prompted, instead of typing in a six-digit code," Dropbox explained in a blog post.
"And unlike two-step with a phone, you'll never have to worry about your battery going dead when you use a security key."
The key in question must support the FIDO U2F, which we have written about before, and which Dropbox has already recommended. Ubico, a provider of keys, describes U2F as an emerging technology. The firm offers keys that start at around £12 which support services including Google account log-ins.
"Once you have a key, go to the Security tab in your Dropbox account settings and click Add next to Security keys. Currently, U2F is only supported for dropbox.com using the Chrome web browser," added Dropbox in a blog post.
"Signing in from a device or platform U2F isn't supported, or don't have your key on hand? Don't worry - you'll still have the option to use two-step verification through text message or an authenticator app."
Dropbox is not shy about talking up the good work of FIDO, and at the start of July CEO Drew Houston told an audience in London (we have paraphrased) that passwords are dumb and that there is a better way.
"It's the weakest link that causes all the other ones to fail. Get a password management tool. Turn on two-factor authentication, which we provide for all our users," said Patrick Heim, Dropbox head of trust and security.
"I'm a huge fan of FIDO U2F. We are working on a project to integrate U2F and FIDO keys into Dropbox. I'm not going to give any kind of timescale on the launch of that just yet, but we have an engineering project for it. It will be coming." µ
Some deliberately, others through stupidity
Quite the business expense
It's another quantum leap camera
Evolution, not revolution, but that's just fine