Supporting USB-Based Security Keys to Improve Log-in Security

By Ryan Kalember
Executive Vice President of Cyber Security Strategy, Proofpoint | Aug 26, 2015 07:00 pm PST

Dropbox has begun supporting USB-based security keys to improve log-in security and better protect users from phishing attempts. The Universal 2nd Factor (U2F) security keys can be used when signing in to the popular cloud storage service. This comes as a welcome security measure after Imperva researchers recently revealed a new type of attack on synchronisation services (such as Dropbox) called Man-in-the-Cloud Attacks. Ryan Kalember, VP Cybersecurity Strategy at Proofpoint, commented on the security of Dropbox.

Ryan Kalember, VP Cybersecurity Strategy at Proofpoint:

“Dropbox credential phishing has been a popular attack for some time now, so this is definitely progress. That said, it’s not a silver bullet – it’s very difficult to get users to do anything differently to improve security, much less carry around another physical object with them. Smartphone-based 2FA has been reasonably popular because it doesn’t have that requirement, despite the phishing risks. It’s also worth pointing out that hackers have already beaten extremely similar security mechanisms for online banking systems – and because of the limitations of the USB protocol (i.e. there aren’t USB ports on smartphones, or even some newer MacBooks), Dropbox is still supporting the other, phishable authentication techniques.”

About Proofpoint

Proofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information.