Multi-factor authentication

Multi-factor authentication, (which includes two-step verification and two-factor authentication) adds an extra layer of security to your account. With this feature turned on, team members need a six-digit security code as well as their username and password to sign into their account or to link a new computer, phone, or tablet. Users can have the codes sent to their phone in text messages or generated by a mobile app like Google Authenticator or Duo Mobile. Dropbox also offers the option of using a security key, rather than six-digit codes, for two-step verification. Security keys offer extra protection against phishing attacks and are convenient to use.

As an admin, you can require your team to use two-step verification. With this extra measure, company data stays safe even if a device is lost or stolen, or a password gets compromised.


If you're the admin of a team on an Advanced or Enterprise plan, you can enable single sign-on (SSO) so your team can access their Dropbox accounts without remembering another password.

Set up multi-factor authentication

How to enable multi-factor authentication for your own account

1. Sign in to

2. Click your avatar.

3. Choose Settings.

4. Select the Security tab.

5. Toggle Two-step verification to On.

- If you see Managed by single sign-on under the Security tab, your team uses single sign-on (SSO). This means you might not be able to use two-step verification with Dropbox.

6. Click Get started.

7. Re-enter your password.

8. Choose if you want to receive your security code by text message or mobile app. Click either Use text messages or Use a mobile app and follow the prompts.

9. Enter a security code to complete the setup (you'll receive it either via text message or authenticator app, depending on the preferred method you entered).

10. Click Next.

Note: If you use an authenticator app to receive your verification codes, please add primary and secondary backup phone numbers.

Learn more about two-step verification.

Require two-step verification for your team

Dropbox Business team admins can require all or some team members to use two-step verification. You can do this through the admin console or your identity management provider if you use single sign-on (SSO). Each team member has to enable two-step verification on their own account. However, you can request that members enable this feature, and then ensure that it stays on once enabled.

     1. Sign in to with your admin credentials.

     2. Click Admin Console.

     3. Click Settings.

     4. Under Authentication settings, check Require two-step verification.

     5. Select whether you'd like to require two-step verification for some or all team members.

     6. Click Confirm.

     7. If you've selected Require for specific members, enter the email addresses of the team members you'd like to use two-step verification, and then click Proceed.

Learn more about admin settings for two-step verification.