Dropbox lets you synchronize files among devices and the cloud. It’s so easy to set up and use, we forget about backing up and protecting the data. Every so often, you need to audit your security on Dropbox to prevent future problems and potential security breaches.
Password Security and Two-Factor Authentication
We’ve covered how to setup two-step aka two-factor authentication or 2FA before in this post. The purpose of an audit is to make sure it works properly. If you use your Dropbox password on other websites, now is the time to change it. If you keep important stuff in Dropbox (like your 1Password database), change your password if it’s been more than six months. Regularly changing your password keeps your information secure in case of a breach.
If you haven’t set up 2FA, now is the time to do it. Again, here is our guide to setting it up. Are you sure it’s working, though? Will your security code work if you need it? Now is the time to check. Open up a private browsing session in your favorite browser and try to log into your Dropbox account. If your code works, great! If not, go ahead and fix it now before you need it.
While you are in that 2FA screen, there are some important settings you should check to make sure they are still valid. First, has your phone number changed? Tap edit to change the phone number. If your 2FA test above worked, your phone number is probably correct.
In case you lose your phone, it’s nice to have a backup phone listed. Is that number still correct? I know mine wasn’t! It was my old landline I disconnected. If that special backup phone number is an ex, here is the place to change it. It’s a good idea to put another number in just in case your lose your phone.
Want a better option for your second factor? Give Authy a try instead of Google Authenticator.
The next item to check is your recovery code. That’s used in case your primary and secondary phone numbers don’t work. It bypasses your 2FA when you need it. If you printed it somewhere, has anyone else accessed it? I kept mine in my wallet. That was a dumb mistake on my part. When I lost my wallet, I immediately changed my recovery code.
I now keep mine in a safe in the house. If you printed your recovery code but can’t find it, go ahead and change it.
Open Sessions, Devices, and Connected Apps
I’m pretty good about closing out my Dropbox sessions when I open them, especially at a public place. Sometimes I forget, though. On the Security page is Sessions. I close out of any sessions I’m not using. I also check for any unauthorized access to my account. We covered this tip before, but it’s worth mentioning again.
The next session on that screen is Devices. That lists all the devices that you’ve authorized with your Dropbox account. My list was a history lesson of dozens of devices I tested over the years. Fortunately, I know all those devices. If I didn’t recognize one, just like an unrecognized session, I know there could be a security breach.
When I did it, I realized I must have accidentally picked Trust this computer when I logged in on my friend’s computer. If you aren’t using one of those devices, click the X to remove the gadget from your account.
The bottom area of the Security section is Apps linked. We covered how and why you should remove unused items, but it’s worth a second glance. If an app allows syncing across devices, you probably need to leave the app. Sometimes though you might want to use the app but don’t need syncing or backup. This is where you delete the access. Fortunately, you can still keep the data in your Dropbox.
Dropbox offers to connect to your social media accounts to make collaboration easier. Unless you are using those functions, I recommend disconnecting those services. They aren’t on the Apps linked section. Instead, it’s in the Account section in Settings. In this example, I have Twitter set up, but I’m going to click disconnect because I want to keep them separate.
Set Email Notifications as an Early-Warning System
Most users will have these set by default, but it might be worth checking. The settings that can tell you of a potential security breach are when A new device is linked, A new app is connected, and Many Files are deleted. If you didn’t make those changes to your account, then you probably have a security problem!
See What You are Sharing With Others/Others Sharing With You
When you are on the Dropbox main page, on the left-hand side is the Sharing header. Click on that and you’ll see all the shared folders in your account. Underneath the name of the folder are all the people you are sharing that folder with. Do those people still need access to those shared folders?
To remove someone’s permission from a folder, click Options next to the name of the folder. Then click the X by the name of anyone you’d like to remove from the folder.
If you have shared folders that belong to someone else, that’s a security risk to your computer. They have the ability to put things in your Dropbox. If you no longer need to synchronize a folder with that person, you can leave that folder. You can still keep the files in that folder if the owner lets you. You can rejoin the folder later, so this is reversible.
To play it safe, leave any folder you don’t have active projects in. The more shared folders, the more potential risk to your computer and account.
One folder we all have is the Public folder. I’ve accidentally stored personal stuff in there. Since you are auditing your folders, make sure nothing in your Public folder is private. That folder is accessible to anyone with the link, so don’t put anything in there you wouldn’t want all over the internet.
Backing Up Your Dropbox Folder
Dropbox is a synchronization service. It is not a backup service. If your account got hacked or deleted, you might not be able to get your data back. Sometimes someone accidentally deletes something from a shared folder and doesn’t realize it unless months later.
Dropbox is a reliable and safe synchronization service. Like any service, it runs the risk of being hacked. Play it safe and reduce your chances of problems by checking to make sure your security settings are safe and current.