The security checkup tool

Updated Jan 15, 2024
person icon

 The information in this article applies to all Dropbox users.

Dropbox has a security checkup tool that helps you keep your account and data safe. Specifically, it helps you:

  • Review the email address on your account
  • Review the computers, phones, and tablets you use to access Dropbox
  • Review the third-party apps you've linked to your account
  • Change and strengthen your account password
  • Review two-step verification (if you have it enabled for your account)

If you received an email about account access from an unfamiliar device, jump to the bottom of this article.

What are the steps in the security checkup?

Check your email

The Check your email step prompts you to review the email address on your Dropbox account.

Dropbox uses your email address as your unique user name. If you lose access to this email address, you can't reset your Dropbox password, and you might lose access to your Dropbox account.

  1. If the listed email is still valid, click Yes (if you haven't yet verified your email address, you're instead prompted to Send verification email).
  2. If the listed email is no longer valid, click Change.
highlighter icon

Note: For members of a Dropbox team account, only your team admin can change your account email address.

Review devices and web browsers

The Review devices and web browsers step prompts you to review each place you've logged in to your Dropbox account. The list has current or past sessions on the Dropbox desktop app, mobile app, or web browser.

  1. If you see an unfamiliar device or web session, or one you no longer use, click the X beside it.
  2. You're then logged out of Dropbox on that device or browser.
  3. If you log out of an unfamiliar device or web session, you should further protect your account by changing your password.

What happens when I remotely log out of a device?

Review linked apps

The Review linked apps step prompts you to review the third-party apps (if any) you linked to your Dropbox account. These apps could be specific to your organization, or a widely used software like Microsoft Office Online.

  1. If you see an unfamiliar app, or one you no longer use, click the X beside it.
  2. The linked app is then unlinked from your Dropbox account.
  3. If you unlink an app you don't recognize, you should further protect your account by changing your password.

What info can a third-party app access when I link it to Dropbox?

Improve your password

The Improve your password step prompts you to review—and improve—the strength of the password on your Dropbox account. Strong, unique passwords are one of the most important safeguards for your account and personal data.

Several factors affect password strength. These factors include uniqueness (using different password for different services), length, and use of special characters, words, or phrases.

  1. To improve password strength, enter your current password, enter a new password, and confirm it.
  2. Click Save.

How do I create a strong password for Dropbox?

Check your two-step verification settings
highlighter icon

Note: This step only appears if you already have two-step verification enabled for your account.

The Check your two-step verification settings step prompts you to review your two-step verification settings. You can check authenticator apps, phone numbers, or security keys, and confirm you still have access to them. If you lose access to any of these two-step verification methods, you might lose access to your Dropbox account.

As a reminder, two-step verification is a highly recommended security measure. With two-step verification, you need both your password and a unique, one-time code or security key before you can access your Dropbox account. This code is provided via text message or a third-party app.

What's two-step verification, and how do I set it up?

I got an email notification about a new log in on my account

When you access Dropbox on a new device, we send a notification to the email address on your account. This email lists the name of the computer, phone, tablet, or web browser, and the time of the log in. It's a good practice to review these emails carefully.

If you logged in on this new device or browser, then no further action is needed. However, if the log in is from a device or browser you don't recognize, your account may have been compromised.

  1. If your account has been compromised—or if you're not sure—click No next to Was this you?
  2. You're then taken to the security checkup tool, and prompted to change your password.

Confirming you accessed Dropbox from a new device or browser.

I got a notification about an email or password change on my account, but I didn't initiate this.

Was this article helpful?

We’re sorry to hear that.
Let us know how we can improve.

Thanks for your feedback!
Let us know how this article helped.

Thanks for your feedback!

Other ways to get help