

The easiest way to keep a secret is to not tell it to anyone. Unfortunately, passwords don’t work that way. Every time you sign in you have to tell the website your password, making it more challenging to keep the secret safe. That’s why we recommend turning on two-step verification for your account, which adds an extra layer of difficulty for anyone who has guessed, eavesdropped on, or tricked you into giving them your password. And it’s why we’re excited today to announce support for WebAuthn (“Web Authentication”) in two-step verification, a new standard for strong authentication on the web.

In most forms of two-step verification, a user enters a one-time code after providing their username and password, and before being signed in. While easy to adopt, using one-time codes for two-step verification has weaknesses. For example, a fake Dropbox sign-in page could ask for your username, password, and the two-step code. That’s why Dropbox was one of the first services to adopt Universal 2nd Factor (U2F) for security keys in 2015. Security keys prevent phishing by giving Dropbox cryptographic proof that you both have your key and are using it on (instead of a phishing page). This cryptographic proof makes U2F security keys a very strong form of two-step verification, but adoption of U2F has been limited by browser and hardware support.

WebAuthn is a new way to interact with security keys and other “authenticators” that standardizes and builds on key parts of U2F, the result of a collaboration between the W3C and FIDO Alliance. While for years only Chrome supported U2F, browser vendors have committed to bringing WebAuthn to Chrome, Firefox, and Edge. More and more devices will have WebAuthn support built in, bringing stronger security to the many users who don’t own special security keys. These could include your laptop or phone, which might prompt you for your fingerprint or a PIN code as part of the authentication process. But this only matters if services actually let you use WebAuthn to securely sign in. Today, Dropbox is proud to help lead the way.
