How do I enable two-step verification on my account?
Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.
Storing your emergency backup code
Before enabling two-step verification, you'll receive a special 16-digit backup code. It is very important that you write this code down and store it somewhere safe. If you ever lose your phone, or can't receive or generate a security code, you'll need this backup code for emergency access to your Dropbox.
Enable two-step verification
- Sign in to the Dropbox website.
- Click on your name from the upper-right of any page to open your account menu.
- Click Settings from the account menu and select the Security tab.
- Under the Two-step verification section, click Enable.
- Click Get started.
- For security reasons, you'll be asked to re-enter your password to enable two-step verification. Once you do, you'll be given the choice to receive your security code by text message or to use a mobile app.
- After enabling the feature, consider adding a second phone number that can receive text messages as well. If you ever lose your primary phone, you'll be able to receive a backup security code to that number instead.
Use text messages
If you choose to receive your security codes by text message, you'll need a phone capable of receiving text messages (carrier rates may apply). Whenever you successfully sign in to Dropbox using your password, a text message containing a security code will be sent to your phone. To enable this option:
- Select Use text messages during the two-step verification setup.
- Enter the phone number where you'd like to receive text messages.
- You'll be sent a security code by text message. Verify your phone number and enable two-step verification by entering this code when prompted.
Use a mobile app
Several mobile apps are available that will generate a unique time-sensitive security code you can use to finish signing in to your Dropbox account. Any app that supports the Time-based One-Time Password (TOTP) protocol should work, including the following:
- Google Authenticator (Android/iPhone/BlackBerry)
- Duo Mobile (Android/iPhone)
- Amazon AWS MFA (Android)
- Authenticator (Windows Phone 7)
To use one of these apps:
- Select Use a mobile app during the two-step verification setup.
- You can choose to either scan the barcode (if your app supports it) or click enter your secret key manually to be given a secret key you can type into the app.
- Once your app is configured, you'll need to enter a security code generated by your authenticator app to verify setup and enable two-step verification.
Most apps will generate security codes even when cellular/data service is not available - useful when traveling or where coverage is unreliable.
For our advanced users
Linux users: Generating a security code from the command line
Those of you using a Unix or Linux shell might consider generating a security code using the OATH tool. This way you can generate a security code from your computer safely within the comfort of the command line.
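As an added example (not Dropbox's code and not the OATH tool itself), this Python script computes the kind of six-digit code a TOTP app derives from the secret key you are given when you choose to enter it manually. It assumes the common TOTP defaults (HMAC-SHA1, 30-second time step, base32-encoded secret), which this page does not state; SAMPLE_SECRET is the constructed RFC 6238 test key, not a real account secret.

```python
import base64
import getpass
import hashlib
import hmac
import struct
import time

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


def decode_secret(secret_b32):
    """Decode a base32 secret key; spaces and letter case are ignored."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding apps usually omit
    return base64.b32decode(cleaned)


def totp(key, at=None, digits=6, step=30):
    """Return the RFC 6238 code (HMAC-SHA1) for the time step containing `at`."""
    if at is None:
        at = time.time()
    counter = int(at) // step  # number of whole steps since the Unix epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_left(at=None, step=30):
    """Seconds until the current code is replaced by the next one."""
    if at is None:
        at = time.time()
    return step - int(at) % step


if __name__ == "__main__":
    # Prompt instead of taking the secret as an argument, so it does not
    # end up in shell history or the process list.
    secret = getpass.getpass("Secret key (base32): ")
    print(totp(decode_secret(secret)), "valid for", seconds_left(), "s")
```

The code depends only on the secret key and the clock, which is why it can be generated without network service. Anyone who can read the secret key can produce valid codes, so store it as carefully as the backup code.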
Dropbox for Business users
If you lose your phone and can't sign in with two-step verification, your admin can turn off two-step verification for you in the admin console.
If your administrator requires that you sign in through a central identity provider with single sign-on (SSO), here’s what you’ll see in your account settings:
Dropbox for Business admins: You can enforce that two-step verification stays enabled. You can do this either through the admin console or through your identity management provider if you've set up single sign-on (SSO).