Dropbox has a security checkup tool that helps you keep your account and data safe. Specifically, it helps you:
- Review the email address on your account
- Review the computers, phones, and tablets you use to access Dropbox
- Review the third-party apps you've linked to your account
- Change and strengthen your account password
- Review two-step verification (if you have it enabled for your account)
If you got an email about account access from an unfamiliar device, jump to the bottom of this article.
What are the steps in the security checkup?
Check your email
The Check your email step prompts you to review the email address on your Dropbox account.
Dropbox uses your email address as your unique user name. If you lose access to this email address, you can't reset your Dropbox password, and you might lose access to your Dropbox account.
- If the listed email is still valid, click Yes (if you haven't yet verified your email address, you're instead prompted to Send verification email).
- If the listed email is no longer valid, click Change.
- Note: for Dropbox Business team members, only your team admin can change your account email address
I lost access to my email address so I can't change my password. What now?
Review devices and web browsers
The Review devices and web browsers step prompts you to review each place you've signed in to your Dropbox account. The list has current or past sessions on the Dropbox desktop app, mobile app, or web browser.
- If you see an unfamiliar device or web session, or one you no longer use, click the X beside it.
- You're then signed out of Dropbox on that device or browser.
- If you sign out of an unfamiliar device or web session, you should further protect your account by changing your password.
What happens when I remotely sign out of a device?
Review linked apps
The Review linked apps step prompts you to review the third-party apps (if any) you linked to your Dropbox account. These apps could be specific to your organization, or a widely used software like Microsoft Office Online.
- If you see an unfamiliar app, or one you no longer use, click the X beside it.
- The linked app is then unlinked from your Dropbox account.
- If you unlink an app you don't recognize, you should further protect your account by changing your password.
What info can a third-party app access when I link it to Dropbox?
Improve your password
The Improve your password step prompts you to review—and improve—the strength of the password on your Dropbox account. Strong, unique passwords are one of the most important safeguards for your account and personal data.
Several factors affect password strength. These factors include uniqueness (using different password for different services), length, and use of special characters, words, or phrases.
- To improve password strength, enter your current password, enter a new password, and confirm it.
- Click Save.
How do I create a strong password for Dropbox?
Check your two-step verification settings
Note: This step only appears if you already have two-step verification enabled for your account.
The Check your two-step verification settings step prompts you to review your two-step verification settings. You can check authenticator apps, phone numbers, or security keys, and confirm you still have access to them. If you lose access to any of these two-step verification methods, you might lose access to your Dropbox account.
As a reminder, two-step verification is a highly recommended security measure. With two-step verification, you need both your password and a unique, one-time code or security key before you can access your Dropbox account. This code is provided via text message or a third-party app.
- To change your current two-step verification settings, click security settings.
What's two-step verification, and how do I set it up?
I got an email notification about a new sign-in on my account
When you access Dropbox on a new device, we send a notification to the email address on your account. This email lists the name of the computer, phone, tablet, or web browser, and the time of the sign-in. It's a good practice to review these emails carefully.
If you signed in on this new device or browser, then no further action is needed. However, if the sign-in is from a device or browser you don't recognize, your account may have been compromised.
- If your account has been compromised—or if you're not sure—click No next to Was this you?
- You're then taken to the security checkup tool, and prompted to change your password.
Confirming you accessed Dropbox from a new device or browser.
I got a notification about an email or password change on my account, but I didn't initiate this.