Add an extra layer of security

Protect your account with two-step verification, an optional but highly recommended security feature.

Once two-step verification is enabled, Dropbox will require you to enter a six-digit security code in addition to your password when you sign into the Dropbox website or link a new device.

Enabling two-step verification

Before enabling two-step verification, you’ll receive ten 8-digit backup codes. It’s very important that you write these keys down and store them somewhere safe. If you ever lose your phone, or can’t receive or generate a security code, you’ll need one of these backup codes for emergency access to your Dropbox.

To enable two-step verification:

1. Sign in to the Dropbox website.
2. Click on your name in the upper-right of any page to open your account menu.
3. Click Settings from the account menu and select the Security tab.
4. Select Enable under Two-step verification.
5. Click Get started.

Re-enter your password to enable two-step verification, and then choose how you want to receive your security code (see the following section).

Choosing your authentication method

You'll need a mobile phone to access your six-digit security code. You can either have the code texted to you, or you can download an app that automatically generates a code for you.

Use text messages:

If you choose to receive your security codes by text message, you'll need a phone capable of receiving text messages (carrier rates may apply). Whenever you successfully sign in to Dropbox using your password, a text message containing a security code will be sent to your phone. To enable this option:

1. Select Use text messages during the two-step verification setup.
2. Enter the phone number where you'd like to receive text messages.
3. You'll be sent a security code by text message. Verify your phone number and enable two-step verification by entering this code on the website when prompted.

Use a mobile app:

Several mobile apps are available that will generate a unique time-sensitive security code you can use for two-step verification purposes. Any app that supports the Time-based One-Time Password (TOTP) protocol should work, including the following:

1. Google Authenticator (Android/iPhone/Blackberry)
2. Duo Mobile (Android/iPhone)
3. Authenticator (Windows Phone 7)

Most apps will generate security codes even when cellular/data service is not available - useful when traveling or where coverage is unreliable.

To use one of these apps:

1. Select Use a mobile app during the two-step verification setup.
2. Choose to either scan the barcode (if your app supports it) or click enter your secret key manually to be given a secret key you can type into the app.
3. Once your app is configured, enter the security code generated by your authenticator app to verify setup and enable two-step verification.

Note: When setting up two-step verification, consider adding a second phone number that can receive text messages as well. If you ever lose your primary phone, you'll be able to receive a backup security code at your secondary number instead.