Today, Dropbox took a big step toward stronger account security. The company announced today it's enabling USB security keys for two-factor login, allowing users to supplement the traditional password login with a physical device, rather than the typical six-digit authentication code delivered over SMS. The keys are significantly more secure than SMS codes or even authentication apps, since they can't be intercepted by attackers and can't be copied by conventional means.
They're the same security keys that Google enabled for its own two-factor accounts back in October, designed to be interoperable under the FIDO spec. While the open specification means any company can make the keys, the best known version of the key is made by Yubico, available for $18. Yubico's key is a smaller, flatter version of the standard USB drive, typically kept on keychains and inserted into a computer whenever a two-factor login is required.