Skip to main content

Dropbox will now let you use a USB key for two-factor login

Dropbox will now let you use a USB key for two-factor login

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Today, Dropbox took a big step toward stronger account security. The company announced today it's enabling USB security keys for two-factor login, allowing users to supplement the traditional password login with a physical device, rather than the typical six-digit authentication code delivered over SMS. The keys are significantly more secure than SMS codes or even authentication apps, since they can't be intercepted by attackers and can't be copied by conventional means.

They're the same security keys that Google enabled for its own two-factor accounts back in October, designed to be interoperable under the FIDO spec. While the open specification means any company can make the keys, the best known version of the key is made by Yubico, available for $18. Yubico's key is a smaller, flatter version of the standard USB drive, typically kept on keychains and inserted into a computer whenever a two-factor login is required.