How To Use Dropbox Two-Step Verification

How To Use Dropbox Two-Step Verification

Two-step verification is one of the best ways to secure your online accounts. It’s now an option for popular storage and syncing service Dropbox, ensuring that even if someone knows your password, they can’t sign into Dropbox online or maliciously add a new device. Here’s how to set it up.

You can begin the process of setting up Dropbox for two-factor authentication by clicking this link, or by visiting the Security tab on your accounting settings page. You can choose between using a text message to receive a verification code, or running a mobile app on your device. Supported mobile apps include Google Authenticator for iOS, Android and BlackBerry; Amazon AWS MFA for Android; and Authenticator for Windows Phone 7. The text message option is easy to set up, and works with international numbers (we set it up easily with an Australian number).

Once two-factor authentication is enabled, whenever you sign into Dropbox online or add a new device you’ll be sent a one-time code you’ll need to enter in addition to your current password. Dropbox also supplies you with an emergency code you can use to disable two-factor authentication if you ever lose access to your phone number.

Using two-factor authentication is a sensible step every Dropbox user should enable. (It’s also a good idea to set it up for your Google account.) If you want even more security options for Dropbox, consider adding a second layer of encryption.

Try Two-Factor Verification [Dropbox via BetaNews]


    • I have, and will implement two-factor authentication on every service I use – Google, Paypal, Ebay, Amazon, Dropbox, and Facebook – they all support this, and I am 100% in support of more companies adding it

    • Except they did do that, it says it right there in the summary – they just used different authentication apps. I could be wrong, but there doesn’t seem to be a huge difference between how yours would work and how their chosen method works?

    • “Two-Factor authentication sucks.” – does it suck more than having your digital (then actual) life stolen from you because you were too lazy to value the increasing importance, volume and frequency of personal data being transacted digitally everyday.

      Yes it’s mildly more annoying than not having it turned on. But when (not if) the day comes and you lose control of your account(s) / password(s) details…. most likely though NO fault of your own…. thanks to some clever hacker or some flawed security implementation at one of the services you use…. when that day comes… you’ll either be SO thankful that you bothered to put up with some ongoing minor inconveniences and now you have “nothing to worry about” because even though the database with usernames and passwords got loose… no one can get into your account because you have TFA turned on… or you’ll be devastated and gutted and spend weeks and months trying to piece your life and identity back together and BEGGING you could pay any amount just to go back to now, to Aug 27th 2012 and turn ON the TFA for the services you use.

      Think I’m being overly dramatic… you are wrong. It WILL happen to all of us. More than once. The only question is how badly do You want to be affected.

      Sadly… much like backups… this kind of lesson can only usually be “taught” the hard way.

  • I’m so happy that Dropbox has finally added this feature. It was one of the last services that I use that didn’t have two-factor authentication.

    Computers that are already linked to your account will continue to work as normal once you set up the feature, it is only when you log on to the website or link a NEW device that it will ask for the code, so realistically you won’t need to worry about the code much at all. It seems to be win/win.

  • Unfortunatly Dropbox has failed to implement this correctly, just like google drive and google picasa for the desktop.

    Right click a file in windows explorer > Dropbox > Browse on dropbox website – BOOM full access to your dropbox with no prompt for two factor code.

    Anyone can reset a windows password (yes there are ways around this eg encrypting the whole drive). If my PC is lost and someone gets into it they can see all the files locally, but they shouldn’t be able to access dropbox, change the password, delete the account, etc, etc

    This is why I use to sync google drive rather than the native client.

  • I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won’t get hacked and your personal information isn’t up for grabs. I’m hoping that more companies start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.

Show more comments

Log in to comment on this story!