Securing Dropbox account with Token2 FIDO Security keys

Dropbox is a cloud storage service that lets you save files online and sync them to your devices. You can use Dropbox links to share files and folders with other people without sending large attachments. Dropbox has an option of enabling two-step verification. This feature is also supported on Free Plan too. In this guide, we will show how to use Token2 Security keys as an additional method for two-step verification. After typing in your password, just insert your key into a USB port when you’re prompted, instead of typing in a six-digit code.


Note: This feature appears only after Two-step verification option is On. Currently, security keys are only supported on select devices and browsers, so you must first set up two-step verification for your Dropbox account and select to receive codes via SMS messages or mobile app. See our instructions here to learn how to use Token2 programmable TOTP tokens to protect your Dropbox account(as replacement of mobile app).

Requirements

• Admin access to enable security keys (not required if security keys are already enabled)
• Modern browser supporting security keys
• A Token2 FIDO security key; both first generation (U2F) or second generation (FIDO2) can be used

Enable security key in your Dropbox

1. Sign to Dropbox.com.
2. Click your avatar.
3. Choose Settings.
4. Select the Security tab.
5. Under Two-step verification, click Add next to Security keys.



6. Insert your security key into a USB port, then click Begin setup.



7. Enter the password.

Dropbox will start to identify the inserted security key, and then you will be prompted to press the button on security key to complete registration.
Note: Security keys differ in the exact instructions to activate them. Your key may require a tap or button press to activate registration.
If you are having difficulty completing security key registration, verify that your security key is U2F or WebAuthn capable.



8. Then click Allow.




9. Give name for your security key (can be empty) and click Finish.

Now the account ready to use this identity verification method. When Dropbox prompts you for your security key, insert it, and touch the button if it has a button.

The security key generates the required credentials, and the browser passes them on to Dropbox to complete the verification.