Security keys are physical USB dongles from companies like YubiCo that allow you to bypass the traditional app- and text message-based two-factor authentication schemes with their six-digit codes by simply plugging the key into your computer.
The advantage of these keys is that they make it almost impossible for a hacker to intercept both your password and the two-factor code. Regular two-factor authentication, after all, still leaves you vulnerable to phishing attacks while security keys will only exchange their codes with legitimate sites.
In case you ever lose your key (or you are on a mobile device without a USB port), you can always ask Dropbox to send you a text message instead.
I just went through the Dropbox setup process and it’s about as painless as possible. You simply plug in your key when prompted and you’re good to go.
The nice thing about the keys is that they can also work with other services, so it’s not like you need a separate key for every web app you use.
Because Chrome is currently the only browser to support U2F out of the box, you won’t be able to sign in to Dropbox with a security key with any other browser, though.