SMS discontinuation for 2-factor authentication FAQs in certain countries

Updated Dec 02, 2025

In this article

person icon

This article applies only to Dropbox users from certain countries, unless otherwise stated.

Why is Dropbox removing the SMS option for 2-factor authentication?

SMS delivery reliability and security vary across regions. To ensure a consistent and trustworthy 2-factor authentication (2FA) experience, Dropbox continuously reviews authentication methods worldwide and supports SMS 2FA only in countries where these needs can be effectively met.

 

How to replace your 2-factor authentication method

To keep using 2FA, you’ll need a mobile device with a compatible authenticator app. Authenticator apps generate time-sensitive security codes even when you don’t have mobile or data service, which can be helpful when traveling or in areas with poor coverage.

 

Popular apps that support the Time-based-One-Time Password (TOTP) protocol include:

 

If you’re prompted to switch when logging in (after January 9, 2025)

  1. Log in to dropbox.com.
  2. A new window appears with a QR code and a secret key. 
  3. Choose one:
    • QR code: Scan the code with your phone’s camera.
    • Secret key: In your authenticator app, add a new account and enter the secret key.
  4. Click Next.
  5. Enter the 6-digit code generated from your authenticator app and click Next.
  6. Click Continue to Dropbox to finish setup.

 

 

From your account settings (available anytime)

  1. Log in to dropbox.com.
  2. Click your avatar (profile picture or initials).
    • Depending on your plan, your avatar may appear in the top-right or bottom-left corner.
  3. Click Settings.
  4. Click the Security tab.
  5. Toggle 2-factor authentication to On.
    • If you see Managed by single sign-on under the Security tab, your team admin has enabled single sign-on (SSO). This means you don’t have to use 2-factor authentication with Dropbox and can access your account by logging in to a central identity provider. Contact your admin to learn more.
  6. Re-enter your password and click Submit.
  7. Select Authenticator app and click Submit.
  8. Choose one:
    • QR code: Scan it with your phone’s camera.
    • Secret key: Add a new account in your authenticator app and enter the secret key.
  9. Click Next.
  10. Enter the 6-digit code from your authenticator app and click Next.
  11. Add a secondary phone number (optional), then click Save or Skip for now.
    • This option is only available for certain countries.
  12. Store your recovery codes safely and check I’ve stored my recovery codes in a safe place.
  13. Click Finish, then Done.
highlighter icon

Notes: 

  • You can only set up 2-factor authentication on dropbox.com.
  • If you use a Unix or Linux shell, you can generate a security code from your computer from the command line using the OATH tool. Make sure that your device’s time is correct, as authenticator apps depend on it to function correctly.

Why is this change only happening in certain countries? 

SMS delivery reliability and security differ by region. Dropbox maintains SMS 2FA only in countries where service providers can ensure consistent delivery and security.

 

Will this affect my or my team’s account security?

No. Switching to an authenticator app increases security. Authenticator apps are more secure than SMS-based codes. However, disabling 2FA entirely will make your account more vulnerable.

 

What happens if I don’t switch from SMS 2FA?

After the discontinuation date on January 9, 2025, you’ll be prompted to update your 2FA method. The next time you log in on the web and complete SMS verification, you’ll be prompted to switch to an authenticator app or disbale 2FA. 

 

You won’t be able to dismiss this prompt.

 

Will I need to use the authenticator app every time I log in?

If you choose Trust this computer when signing in, you’ll only need to provide your two-factor authentication code once on that device.

 

For admins: How will my team members be notified?

Admins will receive an email notification about this change one week before their impacted team members. While not required, we encourage admins to notify their teams ahead of time so members can expect Dropbox’s emails and in-product prompts with detailed instructions.

 

What happens if I disable 2-factor authentication? 

You can disable 2-factor authentication, but this will significantly reduce your account security. Passwords are often the weakest defense, we strongly recommend keeping 2FA enabled to protect your data. Learn more about 2-factor authentication.

Was this article helpful?

Let us know how why it didn't help:

Thanks for letting us know!

Thanks for your feedback!

Related Articles

Access personal information on your Dropbox account

Create account

Dropbox for teams: Can admins see my account?

How to delete your Dropbox account

Community answers

Other ways to get help

Icon depicting two people
Community
Icon depicting a speech bubble
Contact support
Twitter Icon
Social media support