Dropbox Adds Support For FIDO U2F, YubiKeys

Today, cloud storage giant Dropbox announced to its more than 400 million users that it now supports FIDO U2F, including YubiKey security keys, for strong two-factor authentication.

On the company’s blog, Dropbox said users now can protect their files with U2F-powered devices in addition to the current feature of a one-time code sent to a mobile phone. U2F devices include YubiKeys, which enable high-security, public key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks.

FIDO U2F removes cost and complexity from traditional public key and smart card technology. U2F-powered YubiKeys can be purchased from the Yubico store or at Amazon.com. One single U2F device can access Google, Dropbox, WordPress and any number of U2F-compliant services. No client software or third-party services are needed, and no encryption secrets or information about users are shared between service providers.

The emerging open authentication U2F standards initiative was co-created by Yubico, Google and NXP, and turned over to the 200-member strong FIDO Alliance. Dropbox is the first major non-FIDO member to recognize the security advantages of FIDO U2F and offer those benefits to its customer base. FIDO membership is not a requirement for adopting FIDO U2F. The standards specifications for USB form-factor keys have been publicly available since December 2014, and the server code is free. Recently the FIDO U2F Technical Working group published specifications for NFC and Bluetooth transports for secure authentication mobile platforms. In addition, the FIDO Alliance announced today its latest round of products that have achieved FIDO certification. All U2F-compliant YubiKeys have earned the FIDO Certified designation.

Today, trillions of dollars are lost, and billions of internet users risk getting their online accounts hacked because of compromised static credentials. It’s encouraging that some great large-scale service providers are adopting technologies that represent the future of authentication — simple, open and secure, yet safeguarding your privacy.

The Yubico lineup supports FIDO U2F, and works out-of-the-box with services like Dropbox and many others. In addition to FIDO U2F, YubiKeys can support OATH One-Time Password, OpenPGP, and smart card (PIV) capabilities. For more information, see the YubiKey feature comparison chart.

Visit our Works With YubiKey catalog to find instructions on how to register a U2F-compliant YubiKey with your Dropbox account.

Talk to our teamTalk to our team

Share this article:


  • Introducing new features for Yubico Authenticator for iOSWe’re excited to share the new features now available for Yubico Authenticator for iOS in the latest app update on the App Store. Many of these improvements aim to address frequently requested features from our customers, while providing additional new functionalities for a seamless authentication experience on iOS.  With increased interest in going passwordless and […]Read moreiOSYubico Authenticator
  • Platform independent digital identity for all Many are understandably concerned that the great invention called the Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability […]Read moreDigital IdentityEUDIFounderStina Ehrensvard
  • Q&A with Yubico’s CEO: Our move to the main Nasdaq market in StockholmAs 2024 draws to a close, it’s the perfect time to reflect on the incredible journey we’ve had this year and how it has shaped where we stand today as a company. To mark this moment, I sat down with our CEO, Mattias Danielsson, to look back on the milestones and achievements of 2024—culminating in […]Read moreCEOMattias Danielsson
  • Exploring DORA: A look at the next major EU mandateFinancial institutions have historically managed operational risk using capital allocation, but under EU Regulation 2022/2554 – also known as the Digital Operational Resilience Act (DORA) – the financial sector and associated entities in the European Economic Area (EEA) must also soon follow new rules. These new rules focus on the protection, detection, containment, and the […]Read moreDORAEU