Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.
Before enabling two-step verification, you'll receive a special 16-digit backup code. It is very important that you write this key down and store it somewhere safe. If you ever lose your phone, or can't receive or generate a security code, you'll need this backup code for emergency access to your Dropbox.
If you choose to receive your security codes by text message, you'll need a phone capable of receiving text messages (carrier rates may apply). Whenever you successfully sign in to Dropbox using your password, a text message containing a security code will be sent to your phone. To enable this option:
Several mobile apps are available that will generate a unique time-sensitive security code you can use to finish signing in to your Dropbox account. Any app that supports the Time-based One-Time Password (TOTP) protocol should work, including the following:
To use one of these apps:
Most apps will generate security codes even when cellular/data service is not available - useful when traveling or where coverage is unreliable.
If you lose your phone and can't sign in with two-step verification, your admin can turn off two-step verification for you in the admin console.
If your administrator requires that you sign in through a central identity provider with single sign-on (SSO), here’s what you’ll see in your account settings:
Dropbox for Business admins: You can enforce that two-step verification stays enabled. You can either do this either through the admin console or through your identity management provider if you've set up single sign-on (SSO).