How to make Dropbox more secure without spending a cent

Credit: Rob Schultz

Dropbox has had its share of security woes over the years. While the cloud storage provider has done much to beef up its defenses, there’s still plenty you can do on your own to improve the safety of your files. Here are a few ways to get started.

Use two-step verification

Thanks to increasingly ambitious hackers and users’ tendency to rely on comically weak passwords, one-factor authentication has become something of a joke. (Bonus tip: Get the last laugh by using a password manager on your computer or as a mobile app.) In light of this, most major services, including Dropbox, have implemented two-step verification. This system requires you to enter both your password and a security code sent to your mobile phone, and it’s the easiest way to increase the security of your account.


One of the easiest ways to improve Dropbox security is to enable two-step verification.

To enable two-step verification, log in to your Dropbox account, click your username in the upper-right corner and select Settings from the drop-down menu. Click the Security tab, then click Enable under “Two-step verification.” Follow the prompts to set up this feature.

Unlink old devices

Much of Dropbox’s power lies in the ability to use it across multiple devices. But considering most of us upgrade our smartphones, tablets, and computers every few years, you likely have some old devices still attached to your Dropbox account. That poses a security risk.


Old or unused devices still linked to your Dropbox account can compromise security.

To unlink any devices you don’t use or no longer have, follow the above steps to get to the Security tab and scroll down to “Devices.” Here you’ll find a list of devices that currently have access to your Dropbox account, along with the date of their most recent Dropbox activity. To unlink a device from your account, click the X at the far right of its name.

Manage app access

A wealth of third-party apps integrate with Dropbox to extend its capabilities, and most of them require full access to your account. An app retains its access even if you don’t use it anymore, and if that app’s developer stops supporting it or it otherwise becomes compromised, it may give hackers an easy entrée into your account. To prevent this, you need to revoke the access of any apps you don’t regularly use.


Revoke the Dropbox access of any third-party apps you don't use anymore.

Return again to the Security tab and scroll down to the “Apps linked” section. You’ll see a list of all the apps you’ve authorized to access your Dropbox account, along with the extent of access. To remove any app, click the X at the far right of its name.

Monitor web sessions

In addition to devices and apps, Dropbox also tracks web browsers that are logged into your account. This is an easy way to monitor for any unauthorized activity.

Go to the Security tab, and scroll down to “Sessions.” This is a list of all the browsers currently logged in to your account, along with their country of origin and the time of the activity. If you see any you don’t recognize, you’ll know your account has been breached. It’s also a good idea to go in from time to time and remove any of your old activity—just click the X next to the entries you want to delete.

Encrypt your files

While these measures will minimize any holes in your Dropbox security, none of them will safeguard your data if someone does break into your account. In that event, encryption remains the best protection for your files.

While Dropbox encrypts your data in transit and at rest, you can add an extra layer of protection with a third-party solution like Boxcryptor. This service encrypts your files before you upload them, then places them in a special Boxcryptor folder within your Dropbox. Boxcryptor offers free, Personal ($48/year) and Business ($96/year) licenses, as well as a selection of mobile apps for anywhere-access to your encrypted files. It’s also “zero-knowledge” software—Boxcryptor doesn’t have access to your encryption keys or passwords, so the security of your data remains in your hands, where it belongs.
