It would be great was a Dropbox Advanced Security Option similar to
[Search for google advanced protection program]
In short, if you enroll a main (wireless capable) security key and a backup security key, then you have the option to require a security key for login. (Basically it just disables text messages/app codes as a valid second factor for login).
There only need to be support for Computer Browsers and the iOS/Android app (not any third-party apps) The program from Google they have a similar policy for requiring the use of Google Apps.