Dropbox stores files you cannot afford to lose — documents, photos, backups, and sensitive personal and business data. A compromised Dropbox account can expose all of this content to an attacker, and because Dropbox syncs across devices, a breach can happen silently without any obvious signs. Two-step verification (Dropbox's name for 2FA) adds a critical extra layer of security to your account.
How to Enable 2FA on Dropbox
- Sign in to dropbox.com and click your avatar in the top right corner.
- Click Settings.
- Click the Security tab.
- Under "Two-step verification", click Enable.
- Click Get started and enter your Dropbox password to confirm.
- Choose your method: Use a mobile app (recommended) or Use SMS.
- For the mobile app option: scan the QR code with your authenticator app, enter the 6-digit code to verify, then click Next.
- Dropbox asks you to add a backup phone number for SMS recovery — enter one and verify it.
- Dropbox provides a 16-digit emergency backup code. Write it down or save it securely before clicking Done.
Dropbox 2FA Methods
Mobile Authenticator App (Recommended)
Dropbox works with any TOTP-compatible authenticator: Google Authenticator, Authy, Microsoft Authenticator, 1Password, and many others. After entering your password, Dropbox asks for the 6-digit code currently displayed in your app. The code rotates every 30 seconds and works without an internet connection. This is the most secure everyday option.
SMS Text Message
Dropbox can send a verification code to your registered phone number. This works as a fallback but is less secure than an authenticator app, primarily because SMS codes can be intercepted through SIM-swap attacks. Use SMS only if you have no other option.
Hardware Security Keys
Dropbox supports security keys via FIDO2/WebAuthn for personal and Business accounts. You plug in or tap a hardware key when prompted. This is the most phishing-resistant option and is recommended for business accounts or anyone with highly sensitive files.
Two-Step Verification for Dropbox Business Teams
Dropbox Business admins can enforce two-step verification for all team members. In the Admin Console, go to Security → Two-step verification and select the enforcement level: optional, required for admins only, or required for all users. When enforcement is turned on, users who have not yet enabled 2FA will be prompted to do so the next time they sign in.
Dropbox App Passwords
If you use older third-party apps that connect to Dropbox and do not handle 2FA prompts correctly, Dropbox allows you to generate app-specific passwords. These bypass 2FA for that specific app while keeping your main account protected. You can create and revoke app passwords from the Security tab in your account settings.
Lost Access to Dropbox 2FA?
At the sign-in screen, click Trouble signing in? to access recovery options. You can use your backup phone number (SMS recovery), your 16-digit emergency backup code, or contact Dropbox support. For Business accounts, your team admin may also be able to reset 2FA for your account. If none of these work, Dropbox support requires identity verification before granting access.