Dropbox is a hugely popular cloud storage service beloved by many. Unfortunately, it’s had a history of security problems, ranging from compromised accounts to once allowing access to every Dropbox account without requiring a password for several hours.
If you’re using Dropbox, there are a variety of ways you can secure your account against unauthorized access and protect your files even if someone does gain access to your account.
Enable Two-Step Verification
Dropbox now supports two-step verification, also known as two-factor authentication. With two-step verification enabled, you’ll have to enter both your password and a security code from your mobile phone whenever you sign into the Dropbox website or add a new device to your account. Even if someone else knows your Dropbox password, they won’t be able to log in without the time-sensitive code from your phone.
To enable two-step verification, log into your Dropbox account, open the Settings page, and click the Security tab. Click the change link to the right of Two-step verification on the page.
You can receive codes either by text message or via a smartphone application such as Google Authenticator. While enabling two-step verification, you’ll also receive a 16-digit emergency backup code that you can use to log in if you can’t receive or generate an authentication code – for example, if you lose your phone. Keep the emergency backup code in a safe place.
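Why the code from an authenticator app is time-sensitive, shown as an added example (not code from Dropbox or Google Authenticator): apps like Google Authenticator implement TOTP (RFC 6238), deriving each code from a shared secret and the current 30-second time step. The secret below is the constructed RFC 6238 test key, and the one-step tolerance in `verify` is an assumption, not Dropbox's documented policy.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid (RFC 6238 default)
DIGITS = 6   # code length shown by authenticator apps


def totp(secret_b32, unix_time, digits=DIGITS, step=STEP):
    """Return the RFC 6238 code for the time step containing unix_time."""
    cleaned = secret_b32.upper().replace(" ", "")
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped padding
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, drift_steps=1):
    """Server-side check: accept the current step plus or minus drift_steps.

    The tolerance is an assumed value chosen to absorb clock skew.
    """
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP)
        if hmac.compare_digest(expected, submitted):   # constant-time compare
            return True
    return False


# Constructed sample secret: the RFC 6238 test key, base32-encoded the way
# an enrolment QR code would carry it.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    issued_at = 1111111109                        # RFC 6238 test timestamp
    code = totp(SECRET, issued_at)
    print("code shown on phone:", code)
    for age in (0, 30, 60):
        ok = verify(SECRET, code, issued_at + age)
        print(f"submitted {age:>2}s later ->", "accepted" if ok else "rejected")
```

A code that someone reads over your shoulder or captures in transit stops working about a minute later, which is why a leaked password alone is not enough to sign in.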
Unlink Devices You Don’t Use & View Web Sessions
From the Security tab on your Dropbox settings page, you can also view computers, phones, and tablets that have access to your Dropbox. If there are any devices you no longer use here, use the Unlink button to remove them.
In addition to viewing devices that have access to your Dropbox account, you can now view web browsers that are logged into your account. This list, also on the Security page, allows you to confirm no one else is logged into your account. If you see unknown sessions here, particularly one from another country, you may have a security breach.
These lists also allow you to view the devices and browsers currently using your Dropbox account and ensure no one else has access.
Get Email Notifications
Ensure email notifications are enabled so you’ll receive emails when new devices and apps connect to your account. While this does mean you’ll receive redundant emails whenever you connect a new device or app, you’ll also receive emails if someone else connects devices or apps to your account. Of course, if someone had access to your account, they could disable these notifications before connecting new devices or apps.
Manage Linked Apps
If you’ve used Dropbox for a while, there’s a good chance you’ve used third-party apps that integrate with Dropbox. These apps often require full access to your Dropbox account, and the app retains access even if you stop using it. If the app itself is compromised or starts behaving maliciously in the future, it will be able to do damage – unless you’ve revoked its access, of course.
To revoke an app’s access to your Dropbox account, click the My apps tab on the Dropbox settings page. Click the X next to apps you don’t use.
Don’t Reuse Passwords
This tip may seem obvious, but thousands of Dropbox users have had their accounts compromised because they reused passwords that have already been leaked. You should use a unique password for your Dropbox account, one that you haven’t used for any other services. Many websites – even popular ones like Yahoo and eHarmony – have had password leaks in the past. Malicious people take these lists of leaked email address and password combinations and try them on other websites to gain access to users’ accounts. If you reused your Dropbox password elsewhere and it was leaked, you’re at risk. While you can check if your account passwords have been leaked online, you shouldn’t reuse passwords, especially for important websites – you’re just opening yourself up to future attacks.
You can use the Change password link on the Security tab to change your Dropbox password. Be sure to set a strong password. Regularly changing your password can help, too.
Encrypt Your Dropbox Files
All these security precautions won’t help if Dropbox itself fails to secure your account, or if someone else gains access to your smartphone or a computer with your Dropbox files on it. To protect yourself and ensure your sensitive files remain secure, you can encrypt the files you store in your Dropbox account. To access the encrypted files, you’ll need to know the encryption password – anyone without the encryption key will only see random, jumbled nonsense data. The worst they could do is delete your data, but you should have a backup anyway.
Dropbox itself offers no way to encrypt your files, but there are several ways to do it yourself. Many geeks prefer creating a TrueCrypt volume and storing it in their Dropbox account. If you’re looking for something a bit more user friendly with mobile apps, BoxCryptor is also an excellent solution. Linux users can check out EncFS to do the encryption themselves – EncFS inspired BoxCryptor.
If you’ve followed all the steps above, your Dropbox account should be locked up tight. Even if someone breaks in, they won’t get anything useful.
Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.
- Published 11/21/12