
How to: Enable Dropbox Two-Step Authentication

Isn’t the Cloud great? You can store all sorts of information up there without having to worry about local storage, it’s available almost anywhere at any time, and you know that it’s backed up in a completely different physical location. You can easily choose one of many providers to back up all your photos, financial information, passwords, and whatever else you want. And many companies even use it to easily transfer information between branch offices.

However, there are of course downsides, and one of these is the possibility that someone else gets access to your data. After a security breach with Dropbox, they’ve now given you the option of adding two-step authentication to your account. The two-step authentication codes can be obtained via SMS, Google Authenticator, Amazon’s AWS MFA, and Windows 7 Authenticator.

I’ve covered 2 factor authentication for Google, now how about Dropbox?

How do you enable it?  Read on.

You need to go to your account summary to enable the two-step authentication.

I’m not sure how many people have actually seen this screen, but it’s a nice summary of access to your account. If you see access from, say, China or Russia and you haven’t been there, you might have a problem. :) The new option to enable two-step verification is down the bottom left.

Put in your normal Dropbox password.

So here you can choose whether you want your two-factor code SMSed to you or if you want to add it to a two-step mobile app. SMS is fine but can be a pain if you’re overseas or out of phone range. I use Google Authenticator for all my Gmail accounts and LastPass, so I’m going with this option. The Google Authenticator client is available for Android, iOS, and BlackBerry. I’m assuming that Windows 7 Authenticator and Amazon AWS Virtual MFA work pretty much the same.

Start up Google Authenticator on your smartphone.

Hit the Menu button and choose the Add account button.

Press Scan barcode and capture the QR Code. If you’re running the authenticator on multiple devices, then it’s worth scanning the code in now on all of them.

Note, it’s also worth taking a backup (screenshot) of the QR code and storing it somewhere safe. Then if you ever need to replace your device or add a new device, you don’t have to disable and re-enable the two-step authentication.

Just to make sure you’ve got it right and everything’s working, Dropbox will ask you to use your Authenticator and put in the two-step code.

Here’s an emergency code, just in case you don’t have your phone with you, or your phone’s flat and you need to get access to your Dropbox. DON’T store it in Dropbox :)

And you’ve now got two-step authentication. :)

Now next time you log into Dropbox via a new browser or machine, you’ll get the above dialogue. Open up Google Authenticator and whack in your time-sensitive code and you’re in. If it’s on one of your own machines you can tick “Trust this computer” and you won’t be asked for the code again. If you’re on a shared or internet cafe computer then don’t tick it, and if anyone tries to get in after you, they’ll have to contend with the two-step authentication.

Similarly, when you load a new desktop/notebook with the full client, the first time you run it, it will ask you for a security code.

I’ve seen people comment that two-step authentication is complicated and convoluted. It might be a bit too complex for “ma and pa” and it does involve extra setup and work, but to me the peace of mind from the added security is worth the effort.

Hope this helps you :)

1 comment

  • Jason September 20, 2012, 11:48 am

    I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won’t get hacked and your personal information isn’t up for grabs. It would be nice to see more of the leading companies in their respective verticals start giving their users the perfect balance between security and user experience. I know some will claim that 2FA makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I’m hoping that more companies start to offer this awesome functionality. To me this should be a prerequisite to any system that wants to promote itself as being secure.
