Dropbox has added an extra layer of security to its online storage service by introducing two-step verification that requires both a password and a security code sent to your mobile phone.


Where previously users could gain access to the digital locker by entering a single password, now they must also request a security code that can be either texted to their mobile phone, or generated through a mobile authenticator app, such as Google Authenticator for iOS.

Dropbox said in a blog post: "Today we'd like to announce the launch of two-step verification, a feature that will enhance the security of your Dropbox by requiring two levels of authentication: your password, and a security code that will either be texted to your mobile phone or generated by a mobile authenticator app (available for iOS, Android, Blackberry and Windows Phone 7)."

The extra layer of security comes after hackers gained access to a Dropbox employee's email, which resulted in a number of customers email addresses and account details become compromised.

Two-step verification is not compulsory for all users, but those who want it can go to the Securities tab in their Dropbox account settings and enable the extra layer of security in the "Account sign in" section. Dropbox then explains how to set up two-step verification.

Users only need to enter the randomly generated security code once on their mobile device, and desktop users can set Dropbox to recognise and trust their own computer after a code has been entered once.

Those who log in through multiple devices or from public computers will have to enter both their password and a security code every time they log in, preventing hackers from gaining access from their own computers by knowing the user's password.

Dropbox added: "Two-step verification is one of several steps that we're taking to enhance the security of your Dropbox. We've also created a way for you to view all active logins to your account on the Security tab, and we're working on automated mechanisms to identify suspicious activity."

When Dropbox announced it was going to implement this new security measure earlier this month, Brian Spector, CEO of online security experts CertiVox, told IBTimes UK "We are delighted that Dropbox are now considering remedying this weakness using two-factor authentication, but we are also speaking to them about how they are planning to do it. Using one-time codes to mobile phones is cumbersome, and it will lose them customers."

Dropbox security

Smartphone users can download one of the following apps to help them scan an on-screen barcode to gain access to their Dropbox account, and instructions on using the apps can be found here.

Finally, if you lose your smartphone and are therefore unable to access your account, Dropbox provides you with a 16-digit backup code when you first set up two-step verification.

Unfortunately, technology can only get you so far, and Dropbox recommends that you "write this key down and store it somewhere safe."