Last Wednesday (because REMEMBER, The PractitioNERD is currently NOT a news/breaking news kind-of website), Dropbox put their money where their mouth is by announcing their next step toward stronger account security through the implementation of USB security keys. Users will be able to use USB security keys for two-factor login in order to allow users to use their traditional password login with a physical device, instead of the six-digit authentication code delivered through SMS. These USB keys are MUCH more secure than SMS codes and authentication apps as they are unable to be intercepted by attackers nor be copied by conventional means.
You might recall a similar story published on The PractitioNERD last November about Google enabling similar interoperable FIDO-spec security USB keys for its own two-factor accounts. While it’s true that the open specification means any company can make the keys, the best known version of the USB security key are Yubico’s smaller, flatter $18 variety, which are usually kept on keychains, then inserted into a computer when a two-factor login is needed.
[Thanks Dropbox Blog]
