How to add two-step verification to your Dropbox account

Martin Brinkmann
Aug 25, 2012
Updated • Dec 11, 2012
Security
|
5

One of the solutions that companies came up with to fight against hacking attempts is the so called 2-step verification. Companies like Google, Blizzard, PayPal or Facebook have added 2-factor authorizations to their services that users can opt-in to. What this basically does is add a second layer of verification to the login process. Instead of just signing in with your username and password, you are asked to supply another code that is either generated with the help of a hardware device, like the Verisign Identity Protection keys that PayPal uses, or by sending a generated code to a registered mobile phone number.

And now it is Dropbox that has added two-step verifications to its file synchronization and hosting service. The service is only available if you have installed the experimental build 1.5.12 which you can download from the Dropbox forums for all supported operating systems.

Once you have downloaded and installed the latest version you need to visit the Try Two-Factor authentication page on the Dropbox account page.

dropbox two factor authentication

Locate the Account sign in part on the page and there the Two-step verification entry. It should say disabled, and you need to click on change to enable the new feature. You will see the following information pop up on the screen.

two step verification

You are asked to enter your Dropbox account password again when you click on Get started. Please note that mobile phone is just one of the options that you have to enable two-step verification for your account.

enable two step verification

As you can see, you can select to get the security codes sent to your mobile phone, or use an authenticator app instead. Dropbox at the time of writing supports Google Authenticator, Amazon AWS MFA and Authenticator for Windows Phone 7.

If you select mobile phone, you are asked to enter a mobile phone number on the next page. The majority of countries, if not all, seem to be supported. You will receive an SMS afterwards with a code that you then need to enter on the next page to complete the setup of the two-step verification security feature.

You will also get an emergency backup code that you need to write down. I have added it as a note to the Dropbox entry in the password manager KeePass for safe keeping.

Two-step verification kicks in when

  • you try to log in to your account on the Dropbox website
  • when you connect an account for the first time on a computer the Dropbox software is running on

You can disable the authentication improvement on the security tab page of the Dropbox website again at any time.

It is very likely that the feature will be integrated in the next stable version of the Dropbox client software.  (via Caschy)

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Allan said on August 27, 2012 at 5:12 pm
    Reply

    I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won’t get hacked and your personal information isn’t up for grabs. I’m hoping that more companies start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.

  2. Michal Wendrowski said on August 27, 2012 at 1:03 am
    Reply

    Two-Factor authentication sucks. It’s too hard for users. Most people will never us it. Dropbox should consider using Rublon (yes, that’s my startup): https://rublon.com

    7 reasons why you should add Rublon to your website:
    http://blog.rublon.com/2012/why-add-rublon/

  3. ilev said on August 26, 2012 at 6:00 pm
    Reply

    Good move by Dropbox.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.