How to select Hardware Token (key) as primary 2FA method

Hi bhagmeister, thanks for bringing this to our attention.

Are you logging back into the Dropbox site, or via the app itself? Have you followed all the steps in this article? 

We'd recommend keeping the mobile phone number connected in case you lose the Yubikey, as a backup method to login to the account, as without it you won't be able to login again, even from our end.

Keep me updated with any details.

thanks for the reply. I’ve logged out of the (web) app as well as mobile app. The options presented for primary method is either SMS or Mobile Authentication app - there is no option to promote hardware token(s) as primary method. 

Hey bhagmeister!

Does the key you wish to use as a 2FA method follow these standards; ‘FIDO Universal 2nd Factor (U2F)' or 'Web Authentication (WebAuthn)', also known as 'FIDO2’?

Can you send me a screenshot of what you see when visiting your Security page, under the Two-step verification section?

Hmmm. I’ve tried again on both iPhone and iPad to log back into the web app (dropbox.com) and…. both properly asked for my hardware key. Go figure. That said, here are the screenshots in question (see below). You’ll see the choice of only SMS or Mobile App.

FYI: i’m using (2) Yubi 5C NFC keys

Thanks for the screenshots, bhagmeister.

Does this mean that your issue is now resolved, despite what the screenshots show?

Are you required to present your YubiKeys when trying to login, say, from a private browsing window?

Hi, I have to agree with the previous speaker. The hardware key is not offered in the security settings under "preferred method". It would be nice if you could change this. DropBox will only be really secure when I can deactivate all insecure methods. An attacker tests until he finds something to get in. And somehow we all don't want that. For this reason: "preferred" e.g. YubiKey and "backup" sms.