Dropbox Security Lessons – How to Protect Your Account Best

Dropbox is one of the simplest and most elegant ways to synchronize files. You can access your files no matter where you are or what kind of device you are using, as long as you have an Internet connection. It is widely used for both personal and business purposes, and everyone appreciates avoiding the hassle of carrying files the old-fashioned way through flash drives, emails, etc.

Lately, though, it has gained some notoriety in terms of privacy and security.

Although in the Dropbox ‘Terms of Service’ it is said that “When you use our Services, you provide us with things like your files, content, email messages, contacts and so on (‘Your Stuff’). Your Stuff is yours. These Terms don’t give us any rights to Your Stuff except for the limited rights that enable us to offer the Services.”, their Privacy Policy states otherwise:

‘We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or our users; or (d) protect Dropbox’s property rights.’
This sounds quite controversial and may upset a lot of users, but the company simply does not have a choice about complying with the law.

Another problem for users' privacy, especially for American citizens, is an application called Dropbox Reader. What is weird here is that it is not a Dropbox application, but is known to have been developed by a US company named Cyber Marshal. Their website, which is not accessible from European IP addresses, states that the application is a collection of instruments for parsing and gathering cached files stored in the cloud service for an unknown reason. The instruments can be used on Windows, Macintosh, and Linux. Here’s a statement in the “About Us” page of the site that is even more disturbing:

This makes you think quite hard before you place anything in the cloud, huh?


That, unfortunately, is just the beginning. Lately, there has been some news about Dropbox security breaches and information stolen by hackers. Well, luckily, this is not quite the case. First, Dropbox was not breached in the common sense of the word. What actually happened was that those hackers were breaking into users' accounts on other services, where the users had the same credentials as for their Dropbox accounts. All the crooks needed to do was try these credentials on Dropbox. Some of them worked.

The bad news – one of them belonged to a Dropbox employee. By gaining access to it, the hackers got an unknown number of Dropbox users' e-mails and passwords, which might have been infected with different types of malware after that. This leads us to the question – is Dropbox safe and what do we need to do to protect our accounts better?

Well, it would be fair to say that Dropbox is not any safer than before. This means that it still remains compromised. First, the information is up there in the cloud and therefore subject to hacking attacks at all times, and second – Dropbox is an American company. Never mind the Patriot Act or any other US declarations in force in the USA: the authorities there are entitled to require information from you just because they want it. That makes Dropbox insecure to some extent. Still, nobody can protect your information better than yourself. Here we offer several ways to make your Dropbox account safer:

Activate the Two-Step Verification Process for Dropbox

Dropbox already supports the two-step verification security process. When activated, you will need to enter both your password and a verification code when entering the account or adding a new device to an existing one. Even if somebody gains access to your password they won’t know the verification code.

To enable the process you need to enter your Dropbox account, go to the Settings page and enter the Security tab. Click on ‘change’ next to the ‘Two-step verification’ text on the page to activate it as shown below:


Once it is enabled, every time you enter your Dropbox account you will receive a text message on your mobile phone containing the verification code. You can also install an application like Google Authenticator if you’re using a smartphone. To further extend the feature, you can request a 16-digit code for emergency archiving in case you can’t receive a text message at the moment for some reason – if you have lost your phone, for example. Keep the 16-digit code in a safe place.

Unlink the Devices on Which You Do Not Need the Dropbox Account

Removing the devices on which you don’t need the cloud service will further increase your security. We tend to install tons of applications on many of them (our mobile phones, for example), some of which are not quite secure for one reason or another.

Go to the Settings page again, press the Security tab and go to ‘My devices’. There you will see a list with computers, tablets and telephones which have been linked to your account (if any). If there are devices which you don’t use anymore, press the ‘Unlink’ button to remove them.


In addition to the devices, you can also check the browsers that have been used to access your account. Go to the Security tab again and press “Web Sessions”. If you see unknown browsers or countries from which your account has been accessed, then you might have a security breach.

Email Notifications

You can also enable e-mail notifications for every time a device is linked to your account. Although this may seem like additional spam every time you add a device, it also means that you will receive an e-mail if somebody else tries to link a device to your account. Enabling the notifications is done from the Security tab as well:


Dropbox-Connected Applications

If you have already used Dropbox for a while, there is a good chance that some applications have connected to it as well. Usually the applications require access authorization, but they remain linked to the account even if you are not using them anymore. Some of them might contain malicious software or be compromised, so it is a good idea to check from time to time which applications your account is linked to.
To see all the applications connected to your Dropbox, go to the Settings page and click the ‘My Apps’ tab. Click the ‘X’ to remove each application you don’t use anymore.


Use Different Passwords for Different Services

Although this advice may sound obvious, thousands of users have compromised their Dropbox accounts because they reused the passwords of their other web services. Many of those services have already had security breaches in the past (even the most famous ones, such as Yahoo), so make sure to create a unique password for your Dropbox. If you are using one and the same password for two services, you are already in danger. Although you can check whether another service has been breached before, change your Dropbox password even if it hasn’t. Changing the password regularly increases the security as well.

Encrypt Your Dropbox Files

Although all of the above is really helpful, you may want to make sure your files are safe even if somebody breaches the account. Encrypting them all before uploading will greatly increase the security of your information. Nobody would be able to open them unless they know the security key.
Dropbox does not offer any encryption of files, but there are many programs which will help you out with that. You can try TrueCrypt; BoxCryptor is an excellent choice for mobile devices.

These are the most important steps for you to protect your Dropbox account. If you perform all of them, you can be quite sure that your Dropbox is protected. Even if it becomes the subject of a breach, nobody will get anything useful out of it anyway. Still, the most secure place for your documents is outside the cloud. In any case, avoid placing documents containing really important information in your Dropbox account.

And one more piece of advice – do not trust other sources to provide your security for you. Note: try a good password manager.