<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Only use security keys as 2FA method in Security and Permissions</title>
    <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/668523#M8092</link>
    <description>&lt;P&gt;Security Keys like YubiKeys are not a gimmick. They are meant to increase security by replacing less secure methods of 2FA.&lt;BR /&gt;&lt;BR /&gt;The current process at dropbox forces me to have an SMS key or Authenticator app to use 2FA. Even when I add security keys SMS/Authenticator can not be removed. Therefore I cannot replace the less secure method with Security keys. Subsequently, security is not improved or even reduced, by allowing more methods.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The suggestion is to allow only e.g. two security keys and disable all other 2FA methods. This ties the account to physical tokens and makes exploitation of access impossible.&lt;/P&gt;</description>
    <pubDate>Thu, 16 Mar 2023 19:01:42 GMT</pubDate>
    <dc:creator>Enc</dc:creator>
    <dc:date>2023-03-16T19:01:42Z</dc:date>
    <item>
      <title>Question about two-step verification</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/658705#M7200</link>
      <description>&lt;P&gt;Two-step verification, when connected Security keys how to remove the authorization method through the Authentication Application since it is no longer necessary and even lose the level of protection&lt;/P&gt;</description>
      <pubDate>Fri, 10 Feb 2023 22:51:28 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/658705#M7200</guid>
      <dc:creator>stalkerski</dc:creator>
      <dc:date>2023-02-10T22:51:28Z</dc:date>
    </item>
    <item>
      <title>Re: security</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/658716#M7201</link>
      <description>&lt;P&gt;Hey &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1620873"&gt;@stalkerski&lt;/a&gt;, welcome to our Community and thanks for using Dropbox!&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Can you please clarify what exactly you'd like to accomplish here?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Do you want to disable the Authentication App as a way to log into your account since you're using &lt;A href="https://help.dropbox.com/account-access/enable-two-step-verification#securitykey" target="_blank"&gt;security keys&lt;/A&gt; now, am I getting this right?&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Let me know more and we'll take it from there.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 10 Feb 2023 23:05:46 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/658716#M7201</guid>
      <dc:creator>Walter</dc:creator>
      <dc:date>2023-02-10T23:05:46Z</dc:date>
    </item>
    <item>
      <title>Re: security</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/658718#M7202</link>
      <description>&lt;P&gt;yes, you understood me correctly, because e. keys is considered the highest level of security, and it seems to me that its meaning is lost or a less secure way to unlock an account remains active. it's like coming up with a password for an account where you can go through authorization without a password.&lt;/P&gt;</description>
      <pubDate>Fri, 10 Feb 2023 23:18:24 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/658718#M7202</guid>
      <dc:creator>stalkerski</dc:creator>
      <dc:date>2023-02-10T23:18:24Z</dc:date>
    </item>
    <item>
      <title>Re: security</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/658729#M7203</link>
      <description>&lt;P&gt;So, in this case, you can change from using an authenticator app to receiving an SMS text to access your account or disable the feature in general.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Can you give this a go through your account's &lt;A href="https://www.dropbox.com/account/security" target="_blank"&gt;Security page&lt;/A&gt; and let me know if it helps &lt;SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1620873"&gt;@stalkerski&lt;/a&gt;&lt;/SPAN&gt;?&lt;/P&gt;</description>
      <pubDate>Sat, 11 Feb 2023 00:00:45 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/658729#M7203</guid>
      <dc:creator>Walter</dc:creator>
      <dc:date>2023-02-11T00:00:45Z</dc:date>
    </item>
    <item>
      <title>Re: security</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/658731#M7204</link>
      <description>&lt;P&gt;the way via sms is even older than through the application. no function free app and sms leave only U2F&lt;/P&gt;</description>
      <pubDate>Sat, 11 Feb 2023 00:04:29 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/658731#M7204</guid>
      <dc:creator>stalkerski</dc:creator>
      <dc:date>2023-02-11T00:04:29Z</dc:date>
    </item>
    <item>
      <title>Re: security</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/659273#M7240</link>
      <description>&lt;P&gt;Thanks for your feedback on this &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1620873"&gt;@stalkerski&lt;/a&gt; - it's been noted in our system.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Let me know if you have anything else to add.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 13 Feb 2023 16:22:09 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/659273#M7240</guid>
      <dc:creator>Walter</dc:creator>
      <dc:date>2023-02-13T16:22:09Z</dc:date>
    </item>
    <item>
      <title>Only use security keys as 2FA method</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/668523#M8092</link>
      <description>&lt;P&gt;Security Keys like YubiKeys are not a gimmick. They are meant to increase security by replacing less secure methods of 2FA.&lt;BR /&gt;&lt;BR /&gt;The current process at dropbox forces me to have an SMS key or Authenticator app to use 2FA. Even when I add security keys SMS/Authenticator can not be removed. Therefore I cannot replace the less secure method with Security keys. Subsequently, security is not improved or even reduced, by allowing more methods.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The suggestion is to allow only e.g. two security keys and disable all other 2FA methods. This ties the account to physical tokens and makes exploitation of access impossible.&lt;/P&gt;</description>
      <pubDate>Thu, 16 Mar 2023 19:01:42 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/668523#M8092</guid>
      <dc:creator>Enc</dc:creator>
      <dc:date>2023-03-16T19:01:42Z</dc:date>
    </item>
    <item>
      <title>Re: Only use security keys as 2FA method</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/668664#M8093</link>
      <description>&lt;P&gt;Thanks for your suggestion, &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1642303"&gt;@Enc&lt;/a&gt;.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Just a clarification; do you receive the 2FA code via SMS/Authenticator app, even if you add a security key as a 2FA method?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Let me know, and we'll take it from there.&lt;/P&gt;</description>
      <pubDate>Thu, 16 Mar 2023 19:11:32 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/668664#M8093</guid>
      <dc:creator>Nancy</dc:creator>
      <dc:date>2023-03-16T19:11:32Z</dc:date>
    </item>
    <item>
      <title>Re: Only use security keys as 2FA method</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/670921#M8094</link>
      <description>&lt;P&gt;Hi &lt;SPAN style="color:var(--ck-color-mention-text);"&gt;&lt;SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1642303"&gt;@Enc&lt;/a&gt;&lt;/SPAN&gt;&lt;/SPAN&gt;, are you available to respond to my colleague's message earlier?&lt;/P&gt;</description>
      <pubDate>Fri, 24 Mar 2023 10:30:56 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/670921#M8094</guid>
      <dc:creator>Jay</dc:creator>
      <dc:date>2023-03-24T10:30:56Z</dc:date>
    </item>
    <item>
      <title>Re: Only use security keys as 2FA method</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/670956#M8095</link>
      <description>&lt;P&gt;I can choose what I can use as 2FA method. But I would like to get rid of the less secure method of SMS and only have security keys available.&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;I am not receiving an SMS if I didn't choose. But an attacker that is able to intercept the SMS can choose the SMS during his authentication.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 24 Mar 2023 12:10:39 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/670956#M8095</guid>
      <dc:creator>Enc</dc:creator>
      <dc:date>2023-03-24T12:10:39Z</dc:date>
    </item>
    <item>
      <title>Re: Only use security keys as 2FA method</title>
      <link>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/672960#M8097</link>
      <description>&lt;P&gt;Hi &lt;SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1642303"&gt;@Enc&lt;/a&gt;&lt;/SPAN&gt;, your comments on this have been quite helpful, and I will do everything I can to ensure that your voice is heard.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I'll forward your feedback to the appropriate areas so we can continue to improve.&lt;/P&gt;</description>
      <pubDate>Thu, 30 Mar 2023 17:08:10 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Security-and-Permissions/Question-about-two-step-verification/m-p/672960#M8097</guid>
      <dc:creator>Megan</dc:creator>
      <dc:date>2023-03-30T17:08:10Z</dc:date>
    </item>
  </channel>
</rss>

