Replace OTPs with USB Security key

Arpan SinhaCyber Security

Security key

Two-factor authentication provides an extra layer of security to your account. It provides a method of combining two different kinds of login approaches to add some extra security, but that’s not enough. 2FA is stronger than password-based authentication, but it is prone to phishing attacks. An account that has a very strong password, and a 2FA security service that sends an OTP every time you try to log in may not be completely hack-proof. The OTP generated through various random algorithms can also be defeated. Various phishing sites can trick users into entering both their passwords and temporary codes. In this way, the attacker can easily bypass the security.

Dropbox, a cloud-based storage service, concluded that complete reliance on one-time passwords can sometimes be dangerous. So, they have started a new feature that requires a FIDO U2F security key, which looks like the picture below. This can be used additionally with your password as a second-factor tool.Unless you lose it, it can’t be tricked.


Image Source:


The Security Key only works on Google Chrome for now. Starting with this version, the browser has built-in support for an open protocol called Universal 2nd Factor (U2F).  FIDO Alliance, a multi-vendor alliance that aims to develop hack-proof second-factor authentication tools developed the U2F. Because Chrome supports this protocol, Various other websites can also use it. This physical key doesn’t just provide a tool for 2FA but it also ensures, using cryptography, that the site is not a phishing site. So be extra cautious.

If you want to buy this authentication tool, you’ll have to buy a FIDO-certified device from any vendor selling it. Currently, it is available only on Amazon’s international site for around $18, but you can also buy this in India from local vendors for a little less. Just make sure they have the “FIDO U2F Ready” logo on them.

Apart from this USB key, there are various other similar devices such as the audio jack authenticator, the USB touch authenticator and so on.