Now the online cloud-based service is living up to that promise by offering users a two-step verification for their Dropbox accounts. "Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account," said Dropbox in its blogpost.
With this feature enabled, Dropbox will prompt users for a 16-digit security code when signing in from a new device like a computer, phone or tablet.
Here's a quick how-to guide to enable two-factor authentication and how the feature works.
1. First log in to your Dropbox account via the website.
2. Access the account menu by clicking on your name in the top right corner of the screen.
3. Then choose Settings and go to the Security tab.
4. Under the Account Sign-in section, users will see a new Two-step verification option set to 'Disabled' by default.
5. Clicking on 'change' will prompt users to re-enter their password, after which they can choose to receive a security code via SMS or any mobile app.
If users choose to opt for text messages, then upon signing in to Dropbox, they will receive a text message containing a security code on their phone. This setting needs to be enabled by selecting 'Use text messages' during the two-step verification setup.
On the other hand, if users opt for mobile apps that support Time-based One-Time Password (TOTP) protocol like Google Authenticator, Amazon AWS MFA or Authenticator, then they need to select 'Use a mobile app' during the two-step verification setup.
A quick word of advice from Dropbox here, "Before enabling two-step verification, you'll receive a special 16-digit backup code. It is very important that you write this key down and store it somewhere safe. If you ever lose your phone or cannot receive or generate a security code, you'll need this backup code for emergency access to your Dropbox."
Advanced users can use the OATH tool to generate codes programatically or the command line.
Apart from two-factor authentication, Dropbox is working on other security features like new automated mechanisms to help identify suspicious activity. Another new addition to the Security tab is the list all active logins in addition to the devices linked to your account, which was already present.
A word of advice - it seems the rollout of new features is gradual, since we have reports of not all users seeing the option to enable two-factor authentication yet.