cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn about updates that we've made to the Search experience on the Android and iOS apps?Well, you can learn from Luke on the Mobile App team right here.

Dropbox ideas

Got an idea for Dropbox? We want to hear it. Our team will review the top voted ideas, so share them here!

Dropbox Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Only use security keys as 2FA method

See more ideas labeled with:

Only use security keys as 2FA method

Enc
New member | Level 2
a week ago
Status: New
3 Comments (3 New)

Security Keys like YubiKeys are not a gimmick. They are meant to increase security by replacing less secure methods of 2FA.

The current process at dropbox forces me to have an SMS key or Authenticator app to use 2FA. Even when I add security keys SMS/Authenticator can not be removed. Therefore I cannot replace the less secure method with Security keys. Subsequently, security is not improved or even reduced, by allowing more methods.

 

The suggestion is to allow only e.g. two security keys and disable all other 2FA methods. This ties the account to physical tokens and makes exploitation of access impossible.

See more ideas labeled with:
  • 0 Likes
  • 3 Replies
  • 244 Views
0 Votes
3 Comments
Nancy
Dropboxer
a week ago

Thanks for your suggestion, @Enc

 

Just a clarification; do you receive the 2FA code via SMS/Authenticator app, even if you add a security key as a 2FA method?

 

Let me know, and we'll take it from there.

Jay
Dropboxer
yesterday

Hi @Enc, are you available to respond to my colleague's message earlier?

Enc
New member | Level 2
yesterday

I can choose what I can use as 2FA method. But I would like to get rid of the less secure method of SMS and only have security keys available. 

I am not receiving an SMS if I didn't choose. But an attacker that is able to intercept the SMS can choose the SMS during his authentication. 

Vote for this idea

Like this idea? Vote for it and we will give it the attention it deserves!

0 votes received Status: New

Top voted ideas from the Community