Forum Discussion

Enc's avatar
Enc
New member | Level 2
3 years ago

Re: Question about two-step verification

Security Keys like YubiKeys are not a gimmick. They are meant to increase security by replacing less secure methods of 2FA.

The current process at dropbox forces me to have an SMS key or Authenticator app to use 2FA. Even when I add security keys SMS/Authenticator can not be removed. Therefore I cannot replace the less secure method with Security keys. Subsequently, security is not improved or even reduced, by allowing more methods.

 

The suggestion is to allow only e.g. two security keys and disable all other 2FA methods. This ties the account to physical tokens and makes exploitation of access impossible.

4 Replies

  • Nancy's avatar
    Nancy
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    3 years ago

    Thanks for your suggestion, Enc

     

    Just a clarification; do you receive the 2FA code via SMS/Authenticator app, even if you add a security key as a 2FA method?

     

    Let me know, and we'll take it from there.

  • Jay's avatar
    Jay
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    3 years ago

    Hi Enc, are you available to respond to my colleague's message earlier?

  • Enc's avatar
    Enc
    New member | Level 2
    3 years ago

    I can choose what I can use as 2FA method. But I would like to get rid of the less secure method of SMS and only have security keys available. 

    I am not receiving an SMS if I didn't choose. But an attacker that is able to intercept the SMS can choose the SMS during his authentication. 

  • Megan's avatar
    Megan
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    3 years ago

    Hi Enc, your comments on this have been quite helpful, and I will do everything I can to ensure that your voice is heard.

     

    I'll forward your feedback to the appropriate areas so we can continue to improve.

About Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!