
How-To Geek

6 Ways To Secure Your Dropbox Account


Dropbox is a hugely popular cloud storage service beloved by many. Unfortunately, it’s had a history of security problems, ranging from compromised accounts to once allowing access to every Dropbox account without requiring a password for several hours.

If you’re using Dropbox, there are a variety of ways you can secure your account against unauthorized access and protect your files even if someone does gain access to your account.

Enable Two-Step Verification

Dropbox now supports two-step verification, also known as two-factor authentication. With two-step verification enabled, you’ll have to enter both your password and a security code from your mobile phone whenever you sign into the Dropbox website or add a new device to your account. Even if someone else knows your Dropbox password, they won’t be able to log in without the time-sensitive code from your phone.

To enable two-step verification, log into your Dropbox account, open the Settings page, and click the Security tab. Click the change link to the right of Two-step verification on the page.


You can receive codes either by text message or via a smartphone application such as Google Authenticator. While enabling two-step verification, you’ll also receive a 16-digit emergency backup code that you can use to log in if you can’t receive or generate an authentication code – for example, if you lose your phone. Keep the emergency backup code in a safe place.


Unlink Devices You Don’t Use & View Web Sessions

From the Security tab on your Dropbox settings page, you can also view computers, phones, and tablets that have access to your Dropbox. If there are any devices you no longer use here, use the Unlink button to remove them.


In addition to viewing devices that have access to your Dropbox account, you can now view web browsers that are logged into your account. This list, also on the Security page, allows you to confirm no one else is logged into your account. If you see unknown sessions here, particularly one from another country, you may have a security breach.


These lists also allow you to view the devices and browsers currently using your Dropbox account and ensure no one else has access.

Get Email Notifications

Ensure email notifications are enabled so you’ll receive emails when new devices and apps connect to your account. While this does mean you’ll receive redundant emails whenever you connect a new device or app, you’ll also receive emails if someone else connects devices or apps to your account. Of course, if someone had access to your account, they could disable these notifications before connecting new devices or apps.


Manage Linked Apps

If you’ve used Dropbox for a while, there’s a good chance you’ve used third-party apps that integrate with Dropbox. These apps often require full access to your Dropbox account, and the app retains access even if you stop using it. If the app itself is compromised or starts behaving maliciously in the future, it will be able to do damage – unless you’ve revoked its access, of course.

To revoke an app’s access to your Dropbox account, click the My apps tab on the Dropbox settings page. Click the X next to apps you don’t use.


Don’t Reuse Passwords

This tip may seem obvious, but thousands of Dropbox users have had their accounts compromised because they reused passwords that have already been leaked. You should use a unique password for your Dropbox account, one that you haven’t used for any other services. Many websites – even popular ones like Yahoo and eHarmony – have had password leaks in the past. Malicious people take these lists of leaked email address and password combinations and try them on other websites to gain access to users’ accounts. If you reused your Dropbox password elsewhere and it was leaked, you’re at risk. While you can check if your account passwords have been leaked online, you shouldn’t reuse passwords, especially for important websites – you’re just opening yourself up to future attacks.

You can use the Change password link on the Security tab to change your Dropbox password. Be sure to set a strong password. Regularly changing your password can help, too.


Encrypt Your Dropbox Files

All these security precautions won’t help if Dropbox itself fails to secure your account, or if someone else gains access to your smartphone or a computer with your Dropbox files on them. To protect yourself and ensure your sensitive files remain secure, you can encrypt the files you store in your Dropbox account. To access the encrypted files, you’ll need to know the encryption password – anyone without the encryption key will only see random, jumbled nonsense data. The worst they could do is delete your data, but you should have a backup anyway.

Dropbox itself offers no way to encrypt your files, but there are several ways to do it yourself. Many geeks prefer creating a TrueCrypt volume and storing it in their Dropbox account. If you’re looking for something a bit more user friendly with mobile apps, BoxCryptor is also an excellent solution. Linux users can check out EncFS to do the encryption themselves – EncFS inspired BoxCryptor.


If you’ve followed all the steps above, your Dropbox account should be locked up tight. Even if someone breaks in, they won’t get anything useful.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 11/21/12

Comments (9)

  1. Pajafumo

    On Android you can use Encdroid if you are using EncFS.

  2. NSDCars5

    Nobody would bother with my account. Who’d like edited pics of a 1999 game and some real car pics you can find on Google? :P

  3. Photon

    I use BoxCryptor for my sensitive files. If anyone hacks my files, they will find garbage.

  4. Huseyin

    There is a huge problem with TrueCrypt. Sure, it works, but every time you want to access your data you need to mount and then unmount when done so Dropbox can sync it. And with high volume (even a 2GB TrueCrypt file) it will be susceptible to corruption. I am using this but only for sensitive documents.
    My Documents folder is outside TrueCrypt.

    Box Cryptor might work better but even that is a bit clunky as it means it will be impossible to access those files if you need emergency access, or is there a portable client we can use?

  5. Dave

    I found this article – like most HTG articles – very informative even though I have nothing of interest in my account. However, one day that may change and this article along with other readers’ comments will help.

  6. FileLocker

    Use FileLocker and you don’t have to do anything special to keep things secure.

  7. JohnFinley

    @Huseyin BoxCryptor provides a portable version within its installation package.

  8. Frank

    Thanks for a great article that covers all the issues with protecting Dropbox. It’s a great asset but like all “cloud” apps it has real security and access issues that need to be addressed to protect both your data and your privacy and security. Using this article anyone should be able to do just that.

  9. Rudolf

    Thanks for the article. I would like to join the (very) happy BoxCryptor user family. I was an early TrueCrypt fan to encrypt data on my laptop PC and it was the logical candidate to add additional protection to my Dropbox. But I opted for BoxCryptor because it provides me an (efficient) solution to get my files synced on iPhone and iPad devices. If you don’t use iPhone or iPad mobile devices, consider putting the .encfs6.xml file locally on your workstation for additional security.
