How-To Geek

How to Secure Your Dropbox Account


Back in May of 2016, Dropbox announced on its official blog that it now has half a billion users. That’s a lot of people, which also means there’s likely a lot of information being stored in this cloud service that you wouldn’t want other people seeing. If you’re one of those 500 million, it’s time to secure your account.

Choose a Strong Password

Wait, don’t skip this section! I know you’ve heard this a million times, but there’s a reason: it’s important. If you’re using some crazy-weak password, it honestly doesn’t matter what else you do, because your account is already halfway to being compromised. So use a strong password!

But that’s not all. The more complex your password, the more secure it is, so I recommend using a password generator and manager like LastPass. Not only can you use this tool to create strong, basically un-guessable passwords, but you can then use it to store those passwords. That way, you need only remember your master password, instead of the dozens of passwords you use for different sites. Like I said, LastPass is my favorite, but there are others out there. Explore your options, then pick the one that’s best for you.

To change your Dropbox password, first log in to the Dropbox website. From there, click on your little avatar in the upper right corner and select “Settings.”


The Settings menu will open in a new tab—click on the “Security” tab. The first option in this menu is “Change Password.” Click that.


You’ll have to first input your old password before selecting a new one, so go ahead and do that. Now choose a good, strong password!


Use Two-Step Verification

Again, this is something you may have heard, but it is extremely important—if two-step verification is an option, you should be using it, no questions asked!

If you aren’t familiar with two-step verification (also commonly called two-factor authentication), it’s a second layer of security for your account. Not only will you need your password to log in, but you’ll need to enter a code sent to your phone as well—ensuring that, even if someone somehow got your password, they wouldn’t be able to log in (unless they’d also stolen your phone). You can choose from a couple of different ways to get this code: either via text message to your phone number, or by using an authentication app like Google Authenticator or Authy. While it’s completely up to you, I recommend going with an app like Authy.

All that said, here’s how to set it all up.

Once you’re logged in on the Dropbox website, click on your avatar in the upper right corner, then select “Settings.”


In the Settings menu, click on the “Security” tab.


Just below the Password section, you’ll see the “Two-step verification” section. Click “Enable.” A dialog will show up; click “Get started” to…well, get started.


On the next dialog, input your current password.


The next screen will ask you to choose the method by which you’ll receive security codes—again, I’d recommend going with a mobile app like Authy, since it’s more secure.


If you choose to use an authenticator app, the next screen will show a QR code—just scan this code from the authenticator app on your phone.


If you elect to just use your phone, you’ll enter your phone number instead. If you set up an authenticator app, you can opt to enter your phone number as a backup.


Lastly, you’ll verify that you indeed have access to the codes by entering the current code—either from your authenticator app or from the text message that will automatically get sent to you with this step.


It will also provide you with a list of 10 backup codes—keep these in a safe place, just in case you ever get locked out of your account and don’t have access to your phone.

Manage Your Current Sessions, Linked Devices, and Linked Apps

If you’ve been using Dropbox for a while, you’re going to want to take a look at the section below two-step authentication in the Dropbox Security menu—this is where you’ll see current sessions, devices linked to your Dropbox account, and apps you’ve granted access to.

Basically, here you’re going to want to just make sure everything is in order—if older devices you no longer have are still listed here, go ahead and delete them. No need to allow access to anything you don’t have!


The same thing really applies to apps—if you don’t use something, revoke its access. Easy peasy. Do this regularly to keep a clean list.


Advanced Users: Encrypt Your Sensitive Dropbox Files

All these security precautions won’t help if Dropbox itself fails to secure your account, or if someone else gains access to your smartphone or a computer with your Dropbox files on them. To protect yourself and ensure your sensitive files remain secure, you can encrypt the files you store in your Dropbox account. To access the encrypted files, you’ll need to know the encryption password – anyone without the encryption key will only see random, jumbled nonsense data. The worst they could do is delete your data, but you should have a backup anyway.

Dropbox itself offers no way to encrypt your files, but there are several ways to do it yourself. Many geeks prefer creating a VeraCrypt volume and storing it in their Dropbox account. If you’re looking for something a bit more user friendly with mobile apps, BoxCryptor is also an excellent solution. Linux users can check out EncFS to do the encryption themselves – EncFS inspired BoxCryptor.



That’s really all there is to locking your Dropbox account up tight. It doesn’t take long at all to get everything set up and secure, so I highly recommend taking the time to do it—it’s well worth the half hour to run through this stuff to make sure your data is safe!

Cameron Summerson is a self-made geek, Android enthusiast, horror movie fanatic, metalhead, and cyclist. When he's not pounding keys on the 'net, you can find him spending time with his wife and kids, chugging away on the 6-string, spinning on the streets, or watching The Texas Chainsaw Massacre.

  • Published 11/21/12

Comments (9)

  1. Pajafumo

    On Android you can use Encdroid if you are using EncFS.

  2. NSDCars5

    Nobody would bother with my account. Who’d like edited pics of a 1999 game and some real car pics you can find on Google? :P

  3. Photon

    I use BoxCryptor for my sensitive files. If anyone hacks my files, they will find garbage.

  4. Huseyin

    There is a huge problem with TrueCrypt: sure, it works, but every time you want to access your data you need to mount and then unmount when done so Dropbox can sync it. And with high volume (even a 2GB TrueCrypt file) it will be susceptible to corruption. I am using this but only for sensitive documents.
    My Documents folder is outside Truecrypt.

    BoxCryptor might work better, but even that is a bit clunky, as it means it will be impossible to access those files if you need emergency access. Or is there a portable client we can use?

  5. Dave

    I found this article – like most HTG articles – very informative even though I have nothing of interest in my account. However, one day that may change and this article along with other readers’ comments will help.

  6. FileLocker

    Use FileLocker and you don’t have to do anything special to keep things secure.

  7. JohnFinley

    @Huseyin BoxCryptor provides a portable version within its installation package.

  8. Frank

    Thanks for a great article that covers all the issues with protecting Dropbox. It’s a great asset but like all “cloud” apps it has real security and access issues that need to be addressed to protect both your data and your privacy and security. Using this article anyone should be able to do just that.

  9. Rudolf

    Thanks for the article. I would like to join the (very) happy BoxCryptor user family. I was an early TrueCrypt fan to encrypt data on my laptop PC and it was the logical candidate to add additional protection to my Dropbox. But I opted for BoxCryptor because it provides me an (efficient) solution to get my files synced on iPhone and iPad devices. If you don’t use iPhone or iPad mobile devices: consider putting the .encfs6.xml file locally on your workstation for additional security.
