As the 12 Days of 2FA continue, we wrap up the week with a guide to enabling two-factor authentication on Dropbox. Dropbox supports 2FA over SMS or over one of several popular authentication apps.
On a cloud storage and sharing service like Dropbox, protecting shared files often means working with others. Protecting your account with 2FA gives your documents and files the best security when the people you share them with do the same. For a more comprehensive list of cloud services that support 2FA, check twofactorauth.org.
See below for steps to enable 2FA on Dropbox, and share this tutorial so your friends and colleagues can learn how, too.
Click on your name in the top right corner and choose “Settings.” Your settings page will open in a separate tab.
Click the “Security” tab. Under “2-Step Verification,” click “Click to enable.”
Click “Get started.”
At this point you’ll be asked to enter your password. Enter it and click “Next.”
Now you have a choice between using text messages or an authenticator app as your primary 2FA method. Using text messages is selected by default. Authenticator apps are more secure and avoid a lot of the downfalls of SMS. However, text messages can be more practical if you do not use a smartphone. Consider your threat model and choose the best mode for you.
If you want to use an authenticator app, select “Use a mobile app” and click “Next.” Open your authenticator app on your mobile phone, scan the QR code, and click “Next.” Enter the code from your authenticator app (without any spaces) and click “Next.”
If you want to use text messages, select “Use text messages” and click “Next.” Enter a mobile phone number at which you can receive texts and click “Next.”
Shortly after you click, you will receive a text message with your verification code. Enter it and click “Next.”
Regardless of the method you chose, you can finish up by choosing an (optional) backup phone number at which you can receive texts if you can’t access your authenticator app or primary phone number.
Finally, you’ll get backup or recovery codes. Write these down or print them and keep them in a safe place. Click “Next” and you’re finished.
Back at your security settings, you can view your recovery codes and generate more, enable a hardware security key, and edit your primary and backup 2FA modes.
Stay tuned for more posts on two-factor authentication during the 12 Days of 2FA.
Related Issues
Join EFF Lists
Related Updates
Deeplinks Blog by Karen Gullo | April 1, 2024
Ola Bini Faces Ecuadorian Prosecutors Seeking to Overturn Acquittal of Cybercrime Charge
Ola Bini, the software developer acquitted last year of cybercrime charges in a unanimous verdict in Ecuador, was back in court last week in Quito as prosecutors, using the same evidence that helped clear him, asked an appeals court to overturn the decision with bogus allegations of unauthorized access...
Deeplinks Blog by Paige Collings | March 8, 2024
Four Voices You Should Hear this International Women’s Day
Around the globe, freedom of expression varies wildly in definition, scope, and level of access. The impact of the digital age on perceptions and censorship of speech has been felt across the political spectrum on a worldwide scale. In the debate over what counts as free expression and how it...
Deeplinks Blog by Paige Collings, Thorin Klosowski | March 8, 2024
Four Infosec Tools for Resistance this International Women’s Day
While online violence is alarmingly common globally, women are often more likely to be the target of mass online attacks, nonconsensual leaks of sensitive information and content, and other forms of online violence. This International Women’s Day, visit EFF’s Surveillance Self-Defense (SSD) to learn how to defend yourself and...
Deeplinks Blog by Karen Gullo | February 7, 2024
Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty
Statement submitted to the UN Ad Hoc Committee Secretariat by the Electronic Frontier Foundation, accredited under operative paragraph No. 9 of UN General Assembly Resolution 75/282, on behalf of 124 signatories. We, the undersigned, representing a broad spectrum of the global security research community, write to express our serious concerns...
Deeplinks Blog by Karen Gullo | February 7, 2024
Draft UN Cybercrime Treaty Could Make Security Research a Crime, Leading 124 Experts to Call on UN Delegates to Fix Flawed Provisions that Weaken Everyone’s Security
Security researchers’ work discovering and reporting vulnerabilities in software, firmware, networks, and devices protects people, businesses and governments around the world from malware, theft of critical data, and other cyberattacks. The internet and the digital ecosystem are safer because of their work.The UN Cybercrime Treaty,...
Deeplinks Blog by Cooper Quintin | January 31, 2024
Worried About AI Voice Clone Scams? Create a Family Password
Your grandfather receives a call late at night from a person pretending to be you. The caller says that you are in jail or have been kidnapped and that they need money urgently to get you out of trouble. Perhaps they then bring on a fake police officer or kidnapper...
Deeplinks Blog by Karen Gullo | January 29, 2024
In Final Talks on Proposed UN Cybercrime Treaty, EFF Calls on Delegates to Incorporate Protections Against Spying and Restrict Overcriminalization or Reject Convention
Update: Delegates at the concluding negotiating session failed to reach consensus on human rights protections, government surveillance, and other key issues. The session was suspended Feb. 8 without a final draft text. Delegates will resume talks at a later day with a view to concluding their work and providing a...
Deeplinks Blog by Paige Collings | January 19, 2024
EFF’s 2024 In/Out List
Since EFF was formed in 1990, we’ve been working hard to protect digital rights for all. And as each year passes, we’ve come to understand the challenges and opportunities a little better, as well as what we’re not willing to accept. Accordingly, here’s what we’d like to see a lot...
Deeplinks Blog by Bill Budington, Alexis Hanco*ck | December 23, 2023
Sketchy and Dangerous Android Children’s Tablets and TV Set-Top Boxes: 2023 in Review
In a series of investigations this year, EFF researchers confirmed the existence of dangerous malware on set-top boxes manufactured by AllWinner and RockChip, and discovered sketchyware on a tablet marketed for kids from the manufacturer Dragon Touch.
Deeplinks Blog by Ross Schulman | December 13, 2023
Spritely and Veilid: Exciting Projects Building the Peer-to-Peer Web
While there is a surge in federated social media sites, like Bluesky and Mastodon, some technologists are hoping to take things further than this model of decentralization with fully peer-to-peer applications. Two leading projects, Spritely and Veilid, hint at what this could look like.There are many technologies used behind the...
![](https://ts2.mm.bing.net/th?q=Volt on LinkedIn: West Virginia University on Instagram: "Summer sunrises are *officially*…)