Two-step verification

Two-step verification (also known as 2FA or two-factor authentication) adds an extra layer of security to your account. With this feature turned on, you’ll need a six-digit security code as well as your username and password to sign into your account. You’d also need this code to link a new computer, phone, or tablet. You can have the codes sent to your phone in text messages or generated by a mobile app like Google Authenticator or Duo Mobile. Dropbox also offers the option of using a security key, rather than six-digit codes, for two-step verification. Security keys offer extra protection against phishing attacks and are convenient to use.

Require your team to enable two-step verification. With 2FA, company data stays safe even if a device is lost or stolen, or a password gets compromised.


SSO

If you're the admin of a team on an Advanced or Enterprise plan, you can enable single sign-on (SSO) so your team can access their Dropbox accounts without remembering another password.

How to: Set-up 2FA

  1. Sign in to dropbox.com.

  2. Click your avatar.

  3. Choose Settings.

  4. Select the Security tab.

  5. Toggle Two-step verification to On.

    - If you see Managed by single sign-on under the Security tab, your team uses single sign-on (SSO). This means you might not be able to use two-step verification with Dropbox.

  6. Click Get started.

  7. Re-enter your password.

  8. Choose if you want to receive your security code by text message or mobile app. Click either Use text messages or Use a mobile app and follow the prompts.

  9. Enter a security code to complete the setup (you'll receive it either via text message or authenticator app, depending on the preferred method you entered).

  10. Click Next.

Note: If you use an authenticator app to receive your verification codes, please add primary and secondary backup phone numbers.

Find detailed instructions on setting up 2FA using your mobile app or text messages.

Learn how to change your two-step verification phone number, add a secondary backup method, or use a security key device.

What do I do if I lost my phone or can't sign in using two-step verification?

Dropbox Business team admins can require all or some team members to use two-step verification. You can do this through the admin console or your identity management provider if you use single sign-on (SSO). Each team member has to enable two-step verification on their own account. However, you can request that members enable this feature, and then ensure that it stays on once enabled.

  1. Sign in to dropbox.com with your admin credentials.

  2. Click Admin Console.

  3. Click Settings.

  4. Under Authentication settings, check Require two-step verification.

  5. Select whether you'd like to require two-step verification for some or all team members.

  6. Click Confirm.

  7. If you've selected Require for specific members, enter the email addresses of the team members you'd like to use two-step verification, and then click Proceed.

Learn more about admin settings for two-step verification.