Multi-factor authentication

Dropbox uses multi-factor authentication to add an extra layer of security to your account. With this feature turned on, you’ll need a six-digit security code as well as your username and password to sign into your account. You’d also need this code to link a new computer, phone, or tablet. You can have the codes sent to your phone in text messages or generated by a mobile app like Google Authenticator or Duo Mobile.

Dropbox also offers the option of using a security key, rather than six-digit codes, for two-step verification. Security keys offer extra protection against phishing attacks and are convenient to use.


Two-step verification and two-factor authentication are types of multi-factor authentication.

How to: enable two-step verification

  1. Sign in to

  2. Click your avatar.

  3. Choose Settings.

  4. Select the Security tab.

  5. Toggle Two-step verification to On.

    - If you see Managed by single sign-on under the Security tab, your team uses single sign-on (SSO). This means you might not be able to use two-step verification with Dropbox. Contact your admin to learn more.

  6. Click Get started.

  7. Re-enter your password.

  8. Choose if you want to receive your security code by text message or mobile app. Click either Use text messages or Use a mobile app and follow the prompts.

  9. Enter a security code to complete the setup (you'll receive it either via text message or authenticator app, depending on the preferred method you entered).

  10. Click Next.

Note: If you use an authenticator app to receive your verification codes, please add primary and secondary backup phone numbers.