Add an extra layer of security
Protect your account with two-step verification, an optional but highly recommended security feature.
Once two-step verification is enabled, Dropbox will require you to enter a six-digit security code in addition to your password when you sign into the Dropbox website or link a new device.
Enabling two-step verification
Before enabling two-step verification, you’ll receive ten 8-digit backup codes. It’s very important that you write these keys down and store them somewhere safe. If you ever lose your phone, or can’t receive or generate a security code, you’ll need one of these backup codes for emergency access to your Dropbox.
To enable two-step verification:
- Sign in to the Dropbox website.
- Click on your name in the upper-right of any page to open your account menu.
- Click Settings from the account menu and select the Security tab.
- Select Enable under Two-step verification.
- Click Get started.
Re-enter your password to enable two-step verification, and then choose how you want to receive your security code (see the following section).
Choosing your authentication method
You'll need a mobile phone to access your six-digit security code. You can either have the code texted to you, or you can download an app that automatically generates a code for you.
Use text messages:
If you choose to receive your security codes by text message, you'll need a phone capable of receiving text messages (carrier rates may apply). Whenever you successfully sign in to Dropbox using your password, a text message containing a security code will be sent to your phone. To enable this option:
- Select Use text messages during the two-step verification setup.
- Enter the phone number where you'd like to receive text messages.
- You'll be sent a security code by text message. Verify your phone number and enable two-step verification by entering this code on the website when prompted.
Use a mobile app:
Several mobile apps are available that will generate a unique time-sensitive security code you can use for two-step verification purposes. Any app that supports the Time-based One-Time Password (TOTP) protocol should work, including the following:
- Google Authenticator (Android/iPhone/Blackberry)
- Duo Mobile (Android/iPhone)
- Amazon AWS MFA (Android)
- Authenticator (Windows Phone 7)
Most apps will generate security codes even when cellular/data service is not available - useful when traveling or where coverage is unreliable.
To use one of these apps:
- Select Use a mobile app during the two-step verification setup.
- Choose to either scan the barcode (if your app supports it) or click enter your secret key manually to be given a secret key you can type into the app.
- Once your app is configured, enter the security code generated by your authenticator app to verify setup and enable two-step verification.
Note: When setting up two-step verification, consider adding a second phone number that can receive text messages as well. If you ever lose your primary phone, you'll be able to receive a backup security code at your secondary number instead.