Dropbox: Two-Step Verification

Dropbox recently enabled two-step verification. With two-step verification, when you log on using a new device, you need both your password and a code from your phone. (Use it for your Google account, too.) If someone does get hold of your password, they won’t be able to get into your account without this second code.

How it works.

When I log into my Dropbox account from a new computer or mobile device, I first enter my Dropbox password, and then I am asked for a verification code. I run the Google Authenticator app (Android/iOS/Blackberry) on my phone. (Download the app from wherever you get your apps.) Every 30 seconds a new code will appear. I enter the current code to log into Dropbox. That’s it.

Enabling two-step verification.

First, download the Google Authenicator app for your smartphone and a QR code scanner. I use one for Android called Scan. If you have a phone that’s just a phone, you can have codes sent to you via text message; see instructions below.

Go to Dropbox.com and log in to your account. Click on your name in the top right corner of the screen. Select “Settings”.

Select the “Security” tab.

Scroll down to “Two-step verification” and click “change”.

Decide how you’d like to get the codes. If you have a smartphone, Google Authenicator is the easiest route, but there’s nothing wrong with text message. Click next.

Open your QR code reader (Scan, for me; “bar code scanner” does not seem to work with Google Authenticator.) Scan the code.

After scanning, your phone will ask you if you’d like to save it. Say yes. On your phone, you will see Dropbox: your@email.address with a number below it. Every 30 seconds that number will change. On your computer, Dropbox will ask you to enter the code.

After entering the code, this message will give you an “emergency backup code.” Put it someplace safe. If you use LastPass, create a “secure note” and save it there.

Creating a secure note in LastPass.

Log in to LastPass, and from the menu on the left, select “Add Secure Note”.

Name your note something useful; in this case, “Dropbox authenticator code.” Paste the code in the big box. Click the save button.

Conclusion.

The number one threat to your online life is password security. With two-step verification, even if your password is compromised, your account cannot be accessed unless the person has your phone, too.