Data Backup Digest

Data security continues to be a pertinent issue for personal and enterprise users. It’s now not uncommon for companies to be the victims of cyberattacks, the result of which can commonly end with a personal data leak.

That data concern is even more important in the cloud, with the data resting on servers and potentially more vulnerable to data breaching. This is especially true with something like Dropbox, where your data is stored on the company’s servers, rather than creating a private and personal cloud.

Dropbox have been criticised for not providing enough security protections, with Edward Snowden describing the service as being “hostile to privacy.” With Dropbox’s number of business users growing, as this is where the money is to be made in the cloud market, they’ve begun to introduce additional security features.

As such, to try and combat the criticism, the cloud storage firm have announced that they will be supporting the open standard FIDO Universal Second Factor verification (U2F) in order to offer better security for all the accounts on their system. Dropbox have offered two-step verification for a long time, which means that users have to provide security codes from their phone, along with the usual username and password.

While two-step verification is great, since it adds an extra layer of protection between the user’s login and a hacker, it’s still not a fool proof method. If someone loses their phones or doesn’t have it charged, for example, then the account cannot be accessed. And although the six digit security code offers security in itself, it is still vulnerable from phishing attacks.

A sophisticated attack could lure a user to a fake Dropbox site and ask them to enter their password and verification code, thus then gaining access to the account. With U2F, Dropbox are taking their levels of security to the next notch.

U2F allows users to plug in USB devices that work as account keys. Rather than typing the code sent to the phone, users plug in their USB drives in order to gain access to their account. A USB device is more secure than an SMS message and also overcomes the issues mentioned earlier. Plus, unlike a verification code which could be inputted on a phishing site, the USB keys will only work with the real Dropbox website.

To get this special security code, all that’s required is a one-off purchase of the U2F USB key. This key can then be used for both person and enterprise accounts, along with other U2F services like Google apps. As such, if you’ve already got a key for another service then you can reuse the USB for Dropbox.

U2F is only supported by Dropbox on Chrome at the moment, so those using other browsers will have to use SMS verification or authentication apps if they want the two layers of protection to their accounts. And they should, since the more barriers you can put up to someone maliciously accessing your account, the better. The U2F codes will also only work on the website, not on the desktop client or mobile app.