Back in May of 2016, Dropbox announced on its official blog that it now has half a billion users. That’s a lot of people, which also means there’s likely a lot of information being stored in this cloud service that you wouldn’t want other people seeing. If you’re one of those 500 million, it’s time to secure your account.
Choose a Strong Password
Wait, don’t skip this section! I know you’ve heard this a million times, but there’s a reason: it’s important. If you’re using some crazy-weak password, it honestly doesn’t matter what else you do, because your account is already halfway to being compromised. So use a strong password!
But that’s not all. The more complex your password, the more secure it is, so I recommend using a password generator and manager like LastPass. Not only can you use this tool to create strong, basically un-guessable passwords, but you can then use it to store those passwords. That way, you need only remember your master password, instead of the dozens of passwords you use for different sites. Like I said, LastPass is my favorite, but there are others out there. Explore your options, then pick the one that’s best for you.
To change your Dropbox password, first log in to the Dropbox website. From there, click on your little avatar in the upper right corner and select “Settings.”
The Settings menu will open in a new tab—click on the “Security” tab. The first option in this menu is “Change Password.” Click that.
You’ll have to first input your old password before selecting a new one, so go ahead and do that. Now choose a good, strong password!
Use Two-Step Verification
Again, this is something you may have heard, but is extremely important—if two-step verification is an option, you should be using it, no questions asked!
If you aren’t familiar with two-step verification (also commonly called two-factor authentication), it’s a second layer of security for your account. Not only will you need your password to log in, but you’ll need to enter a code sent to your phone as well—ensuring that, even if someone somehow got your password, they wouldn’t be able to log in (unless they’d also stolen your phone). You can choose from a couple of different ways to get this code: either via text message to your phone number, or by using an authentication app like Google Authenticator or Authy. While it’s completely up to you, I recommend going with an app like Authy.
All that said, here’s how to set it all up.
Once you’re logged in on the Dropbox website, click on your avatar in the upper right corner, then select “Settings.”
In the Settings menu, click on the “Security” tab.
Just below the Password section, you’ll see the “Two-step verification” section. Click “Enable.” A dialog will show up; click “Get started” to…well, get started.
On the next dialog, input your current password.
The next screen will ask you to choose the method in which you’ll receive security codes—again, I’d recommend going with a mobile app like Authy, since it’s more secure.
If you choose to use an authenticator app, the next screen will show a QR code—just scan this code from the authenticator app on your phone.
If you elect to just use your phone, you’ll enter your phone number instead. If you set up an authenticator app, you can opt to enter your phone number as a backup.
Lastly, you’ll verify that you indeed have access to the codes by entering the current code—either from your authenticator app or from the text message that will automatically get sent to you with this step.
It will also provide you with a list of 10 backup codes—keep these in a safe place, just in case you ever get locked out of your account and don’t have access to your phone.
Manage Your Current Sessions, Linked Devices, and Linked Apps
If you’ve been using Dropbox for a while, you’re going to want to take a look at the section below two-step verification in the Dropbox Security menu—this is where you’ll see current sessions, devices linked to your Dropbox account, and apps you’ve granted access to.
Basically, here you’re going to want to just make sure everything is in order—if older devices you no longer have are still listed here, go ahead and delete them. No need to allow access to anything you don’t have!
The same thing really applies to apps—if you don’t use something, revoke its access. Easy peasy. Do this regularly to keep a clean list.
Advanced Users: Encrypt Your Sensitive Dropbox Files
All these security precautions won’t help if Dropbox itself fails to secure your account, or if someone else gains access to your smartphone or a computer with your Dropbox files on it. To protect yourself and ensure your sensitive files remain secure, you can encrypt the files you store in your Dropbox account. To access the encrypted files, you’ll need to know the encryption password – anyone without it will only see random, jumbled nonsense data. The worst they could do is delete your data, but you should have a backup anyway.
Dropbox itself offers no way to encrypt your files, but there are several ways to do it yourself. Many geeks prefer creating a VeraCrypt volume and storing it in their Dropbox account. If you’re looking for something a bit more user-friendly with mobile apps, BoxCryptor is also an excellent solution. Linux users can check out EncFS to do the encryption themselves – EncFS inspired BoxCryptor.
That’s really all there is to locking your Dropbox account up tight. It doesn’t take long at all to get everything set up and secure, so I highly recommend taking the time to do it—it’s well worth the half hour to run through this stuff to make sure your data is safe!