How to set up TOTP for Dropbox

Dropbox is a big believer in 2FA to protect your account from hackers, and has a whole article explaining the importance of 2FA. Even today, many users don't have 2FA enabled, which is most commonly the cause of malicious hacks. Dropbox puts it this way in its ‘Final Word 2FA Statement’: “Two-factor authentication offers an extra layer of security for your business’s online files, keeping your sensitive data shielded from potential cyber threats.”

Let's secure your Dropbox account!

1. Locating the 2FA settings in Dropbox

1.1 - To begin securing your Dropbox account, log into your account, go to settings and open the privacy tab. You will then see 3 options: security check, password and two-step verification. Click two-step verification.

1.2 - You will now be presented with a small notification message about enabling Two-Step Verification, with a ‘Learn More’ button if required. It clarifies that after setting up 2FA, whenever you sign in to the Dropbox website or link a new device, you’ll need to enter both your password and a security code. Next, click get started!

2. Enabling Dropbox's 2FA

2.1 - To ensure the highest level of security, Dropbox then asks for your account password to verify that it is you who is trying to change the security settings. This is to prevent any potential takeover of your account. Note that Dropbox will also send you an email when the change to your security settings is made. Once you have entered your password, click Next!

2.2 - Another notification will then appear with two options, asking whether you want to secure your account with text messages or a mobile app (authentication app). For this guide we will choose the mobile app option and use the Authenly app. As a little background: the text message method is actually not as secure as an authenticator app, which is why Authenly solely uses the TOTP authentication method to keep your account safe from hackers and unwanted access.

2.3 - Dropbox will now display a QR code ready to scan (via the Authenly app)!

2.4 - Now open the Authenly app on your mobile phone. Once you are in our app, tap the QR scan icon on the home screen, or access it via the menu.

Scanning the Dropbox QR code installs the 2FA on your mobile device, so that you can now secure your Dropbox account with Authenly. You can preview the TOTP code, which changes every 30 seconds, by clicking on the new 'dropbox' list item in the Authenly app.

2.5 - Now go back to Dropbox. To validate the 2FA settings on your Dropbox account, enter the TOTP code provided by Authenly.

2.6 - Once you have validated your 2FA, Dropbox provides several backup codes that can be used if you are ever unable to access your two-factor authentication app. Dropbox recommends saving these, but Authenly has a better and more secure backup procedure which you are encouraged to use (see below).

2.7 - Dropbox then presents you with a brief message stating that from now on, when you sign in or link a new device, you need to enter a security code from your phone. This is of course to keep the highest level of security for your files and information against hackers or unwanted access.

3. Your Dropbox is secured

3.1 - Done! Your Dropbox account is now validated and secured with Authenly. You are now safe from malicious attacks that reuse your username and password, and from a potential loss of your Dropbox account or of any sensitive information that may be stored in it.

As you have experienced, installing 2FA protection for a specific vendor account on your mobile device is quite a simple task. We have built a list of 2FA installation guides for most major web applications, so that you can safely and quickly add an additional layer of security to your online account, and thereby also to your online identity.

4. Backup

Bear in mind that it is very important to keep a safe backup of your 2FA. Authenly uses a unique un-hackable offline secret to back up your 2FA-TOTP. This is a lot more secure than writing your 8 or 12 backup passcodes on paper or in a file accessible on your computer and/or in the cloud. It is also a lot more secure than letting your 2FA authentication app provider do the backup for you in their cloud (when they get hacked - not if... - your 2FA protection is rendered totally useless). Therefore, just make sure that you back up your 2FA-TOTP with Authenly as an offline secret, so that you will not suffer any account lock-out and can restore this 2FA at any time onto any mobile device with your Authenly identity.

Need to understand and set up TOTP?

This short animated video will give you a good understanding of what a Time-based One-Time Password (or TOTP) is.

