Back in May of 2016, Dropbox announced on its official blog that it now has half a billion users. That's a lot of people, which also means there's likely a lot of information being stored in this cloud service that you wouldn't want other people seeing. If you're one of those 500 million, it's time to secure your account.

Choose a Strong Password

Wait, don't skip this section! I know you've heard this a million times, but there's a reason: it's important. If you're using some crazy-weak password, it honestly doesn't matter what else you do, because your account is already halfway to being compromised. So use a strong password!

But that's not all. The more complex your password, the more secure it is, so I recommend using a password generator and manager like LastPass. Not only can you use this tool to create strong, basically un-guessable passwords, but you can then use it to store those passwords. That way, you need only remember your master password, instead of the dozens of passwords you use for different sites. Like I said, LastPass is my favorite, but there are others out there. Explore your options, then pick the one that's best for you.

To change your Dropbox password, first log in to the Dropbox website. From there, click on your little avatar in the upper right corner and select "Settings."

The Settings menu will open in a new tab---click on the "Security" tab. The first option in this menu is "Change Password." Click that.

You'll have to first input your old password before selecting a new one, so go ahead and do that. Now choose a good, strong password!

Use Two-Step Verification

Again, this is something you may have heard, but is extremely important---if two-step verification is an option, you should be using it, no questions asked!

If you aren't familiar with two-step verification (also commonly called two-factor authentication), it's a second layer of security for your account. Not only will you need your password to log in, but you'll need to enter a code sent to your phone as well---ensuring that, even if someone somehow got your password, they wouldn't be able to log in (unless they'd also stolen your phone). You can choose from a couple of different ways to get this code: either via text message to your phone number, or by using an authentication app like Google Authenticator or Authy. While it's completely up to you, I recommend going with an app like Authy.

All that said, here's how to set it all up.

Once you're logged in on the Dropbox website, click on your avatar in the upper right corner, then select "Settings."

In the Settings menu, click on the "Security" tab.

Just below the Password section, you'll see the "Two-step verification" section. Click "Enable"---a dialog will show up; click "Get started" to...well, get started.

On the next dialog, input your current password.

The next screen will ask you to choose the method in which you'll receive security codes---again, I'd recommend going with a mobile app like Authy, since it's more secure.

If you choose to use an authenticator app, the next screen will show a QR code---just scan this code from the authenticator app on your phone.

If you elect to just use your phone, you'll enter your phone number instead. If you set up an authenticator app, you can opt to enter your phone number as a backup.

Lastly, you'll verify that you indeed have access to the codes by entering the current code---either from your authenticator app or from the text message that will automatically get sent to you with this step.

It will also provide you with a list of 10 backup codes---keep these in a safe place, just in case you ever get locked out of your account and don't have access to your phone.

Manage Your Current Sessions, Linked Devices, and Linked Apps

If you've been using Dropbox for a while, you're going to want to take a look at the section below two-step authentication in the Dropbox Security menu---this is where you'll see current sessions, devices linked to your Dropbox account, and apps you've granted access to.

Basically, here you're going to want to just make sure everything is in order---if older devices you no longer have are still listed here, go ahead and delete them. No need to allow access to anything you don't have!

The same thing really applies to apps---if you don't use something, revoke its access. Easy peasy. Do this regularly to keep a clean list.

Advanced Users: Encrypt Your Sensitive Dropbox Files

All these security precautions won’t help if Dropbox itself fails to secure your account, or if someone else gains access to your smartphone or a computer with your Dropbox files on it. To protect yourself and ensure your sensitive files remain secure, you can encrypt the files you store in your Dropbox account. To access the encrypted files, you’ll need to know the encryption password – anyone without the encryption key will only see random, jumbled nonsense data. The worst they could do is delete your data, but you should have a backup anyway.

Dropbox itself offers no way to encrypt your files, but there are several ways to do it yourself. Many geeks prefer creating a VeraCrypt volume and storing it in their Dropbox account. If you’re looking for something a bit more user friendly with mobile apps, BoxCryptor is also an excellent solution. Linux users can check out EncFS to do the encryption themselves – EncFS inspired BoxCryptor.

That's really all there is to locking your Dropbox account up tight. It doesn't take long at all to get everything set up and secure, so I highly recommend taking the time to do it---it's well worth the half hour to run through this stuff to make sure your data is safe!