Dropbox has already received a lot of criticism from various people, including whistleblower Edward Snowden, for not taking the appropriate measures to secure its users' data.
The company has now announced that it will be adding the use of USB key authentication to add an extra layer of security to its cloud service.
This new option of the Universal Second Factor (U2F) authentication will allow to users to have better security than just having the 6 digit text option. They can now have a dedicated USB device that will serve as a key to log into their accounts.
Unlike other authentications, U2F does not require any separate network connection or battery to work. It produces a two-step authentication system that can only be used through Chrome to avoid any phishing or malware attacks. This key is also used by Google and WordPress, but it is only available for Dropbox.
The company mentioned in a blog post that, “Even if you’re using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code. They can then use this information to access your account.”
In recent research at Imperva, the researchers found out that if the attackers gain access to the authentication token of a user, they can easily steal any data they want, or they can inject a ransomware into an account. Once hacked, the only way to get rid of them, is by deleting the account.