Dropbox To Support Intel Kaby Lake U2F Authentication, But It’s No Security Panacea

[Lucian Armasu]

Dropbox announced support for Intel Kaby Lake's built-in U2F authentication protocol to improve the security of its accounts. The feature is mainly a convenience improvement that could increase adoption of two-factor authentication among Dropbox users.

Dropbox To Support Intel Kaby Lake U2F Authentication, But It’s No Security Panacea : Read more

 

[Achoo22]

This is a huge backwards step for users. These technologies are being leveraged to secure *us*, not our data. I miss the old VGA standards that allowed me to peek and poke on a per-pixel basis - I don't want "protected display" technologies that prevent me from inspecting my "personal" computer and I don't wish to assist companies in tracking me further.

 

[cbsecurity]

Automated and convenient is music to the ears of malicious hackers. I've been a huge fan of 2-factor when the utilized with SMS/app, token devices and print/retinal authentication. The "2" is already getting old, however, and "multi" is the term I look for in authentication for sensitive data these days. But I also think it should be a choice once you move past U2F. Regardless, I actually think you're better off with SMS/app based U2F so won't be too happy when Dropbox finally removes in favor for the "ubiquitous" change to come.

 

[tsnor]

"...above SMS authentication, which NIST has already recommended to be deprecated as it has proven to be too insecure...." I'd be interested in hearing how SMS authentication is attacked.

wired said https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/
"..Attacks on political activists in Iran, Russia, and even here in the US have shown that determined hackers can sometimes hijack the SMS messages meant to keep you safe. Whenever possible, it’s worth taking a minute to switch to a better system, like an authentication smartphone app or a physical token that generates one-time codes..." Not sure how this would apply to me protecting my Steam account.

 

[bit_user]

So, would this work with virtualization? Or does it only work with a monitor that's physically connected to the system containing the CPU, without any hypervisor or virtual device drivers in between?