How to turn 2-factor authentication on and off

Updated Apr 17, 2025
person icon

 This article describes a feature available to all users on Dropbox.

2-factor authentication (also known as multi-factor authentication, MFA, two-step verification, or 2FA) is a highly recommended security feature that helps protect your Dropbox account. By turning 2-factor authentication on, you add an extra layer of protection that helps keep your personal information and files safe from unauthorized access.

To use 2-factor authentication, you need a mobile device that can receive text messages, or run a compatible authenticator app.

warning icon

Important: To prevent being locked out of your account, you may want to add a backup phone number. You should also download your emergency recovery codes.

Already use 2-factor authentication and locked out? Learn how to regain access to your account.

How to turn on 2-factor authentication

  1. Log in to dropbox.com.
  2. Click your avatar (profile picture or initials) in the bottom-left corner.
  3. Click Settings.
  4. Click the Security tab.
  5. Toggle 2-factor authentication to On.
    • If you see Managed by single sign-on under the Security tab, your team admin has enabled single sign-on (SSO). This means you don’t have to use 2-factor authentication with Dropbox and can access your account by logging in to a central identity provider. Contact your admin to learn more.
  6. Click Get started.
  7. Re-enter your password. 
  8. Choose if you want to receive your security code by text message or via an authenticator app, and follow the instructions for your choice below.
highlighter icon

Note: You can only set up 2-factor authentication on dropbox.com. 

If you choose to receive your security codes by text message, you need a phone that can receive text messages (carrier rates may apply). A text message containing a security code will be sent to your phone each time you log in to Dropbox.
 

To receive your code via text message:

  1. Select Use text messages during 2-factor authentication setup.
  2. Enter the phone number where you'd like to receive text messages.
  3. Click Next.
  4. You’ll receive a security code via text message. Enter this code into the prompt on dropbox.com.
  5. Click Next.
highlighter icon

Note: As of March 9, 2023, setting up new devices to receive security codes by text message isn't supported for the +92 country code.

If you choose to receive your security codes through an authenticator app, you’ll first need to download one. The authenticator app you choose will generate a unique time-sensitive security code. Most authenticator apps can generate security codes even when cellular/data service isn't available, which can be useful when traveling or where coverage is unreliable. Any app that supports the Time-based One-Time Password (TOTP) protocol should work, including:

If you use an authenticator app to receive your verification codes, we recommend you add primary and secondary backup phone numbers.


To receive your code via authenticator app:

  1. Select Use an authenticator app during two-step verification setup.
  2. You can either:
    • Scan the QR code (If your app supports it): Open your app of choice and choose to add a new account. You may then be able to use your phone's camera to scan the QR code on dropbox.com.
    • Manually enter your secret key: You'll be given a secret key on dropbox.com that you can type into the app. Use the steps in your app to add a new account using a secret key.
  3. Click Next.
  4. Once the authenticator app is configured, enter the security code it generates to verify setup and enable 2-step verification.
  5. Click Next.
highlighter icon

Note: If you use a Unix or Linux shell, you can safely generate a security code from your computer from the command line using the OATH tool. Make sure that your device’s time is accurate, as these apps depend on it to function correctly.

How to change my 2-factor authentication phone number

  1. Log in to dropbox.com.
  2. Click your avatar (profile picture or initials) in the bottom-left corner..
  3. Click Settings.
  4. Click the Security tab.
  5. Click Edit next to your phone number, in the 2-factor authentication section. 
    • You'll be prompted to enter your password to continue.

How to add a backup method for 2-factor authentication

After enabling 2-factor authentication, we highly recommend you add a backup phone that can receive text messages as well. If you ever lose your primary phone, or can't use your authenticator app, you can send a security code to your backup phone number instead.

  1. Log in to dropbox.com.
  2. Click your avatar (profile picture or initials) in the bottom-left corner.
  3. Click Settings.
  4. Click the Security tab.
  5. Under 2-factor authentication, click Add next to Backup method.
  6. Enter your password.
  7. Enter the phone number of your backup device.

How to use an emergency backup code for 2-factor authentication

When enabling 2-factor authentication, you'll receive 10 backup codes. Each eight-digit code can be used once to access your Dropbox account in case of emergency. 

warning icon

Important: Enabling or disabling 2-factor authentication will reset your emergency backup codes. Be sure to save the new codes each time you make changes.

How to find your backup codes

  1. Log in to dropbox.com.
  2. Click your avatar (profile picture or initials) in the bottom-left corner.
  3. Click Settings.
  4. Click the Security tab.
  5. Click Show next to Recovery codes.
  6. Enter your password.
  7. Use or save the code that appears.

How to use a backup code

  1. Log in to dropbox.com.
  2. Click Having trouble getting a code?
  3. Click Enter emergency backup code.
  4. Enter one of your emergency backup codes.
  5. Click Enter.
highlighter icon

Notes:

  • When entering a backup code, be careful to transcribe the code correctly. For example, the number one can look like the letter L, and a zero can look like the letter O.
  • If you've used your last backup code, you'll be prompted to generate new backup codes.
  • We also recommend changing your password if you lost your phone.

How to use a security key for 2-factor authentication

You can use a security key for 2-factor authentication, rather than a six-digit security code. A security key is a small USB, Bluetooth, or Near Field Communication (NFC) device that follows one of the open standards:

  • FIDO Universal 2nd Factor (U2F)
  • Web Authentication (WebAuthn), also known as FIDO2

Unlike SMS or mobile app verification, a security key doesn’t require a separate battery or network connection. Most importantly, security keys use authenticated communication to defend against phishing attacks.

How to set up a security key for your Dropbox account

  1. Log in to dropbox.com.
  2. Click your avatar (profile picture or initials) in the bottom-left corner.
  3. Click Settings.
  4. Click the Security tab.
  5. Under 2-factor authentication, click Add next to Security keys. If you don't see this section, follow the "How to turn on 2-factor authentication" instructions above before proceeding.
  6. Enter your password.
  7. Insert your security key into a USB port, then click Begin setup.

Where can I use my security key?

Once you have a security key, it can be enabled for both your personal and work Dropbox accounts. It can also be used with other WebAuthn or U2F enabled services, such as Google apps.


Currently, security keys are only supported on select devices and browsers, so you must first set up 2-factor authentication for your Dropbox account and select to receive codes via SMS messages or a mobile app. This step ensures that you have a backup method, in case a device doesn't support your security key.


Dropbox only supports using a security key when logging in to dropbox.com on Chrome or Firefox web browsers. You can’t use a security key to log in to the Dropbox desktop or mobile apps. Don’t worry, you still have the option to use text or mobile app 2-factor authentication on devices and platforms that don’t support U2F or WebAuthn, or if you don't have your security key available.

highlighter icon

Note: There are different ways to activate security keys. Your key may require a tap or button press to activate registration. If you're having difficulty completing security key registration, verify that your security key is U2F or WebAuthn capable. You can also refer to the manufacturer instructions specific to your device.

How to turn off 2-factor authentication

You can turn off 2-factor authentication for your Dropbox account at any time. To do so:

  1. Log in to dropbox.com.
  2. Click your avatar (profile picture or initials) in the bottom-left corner. 
  3. Click Settings.
  4. Click the Security tab.
  5. Toggle 2-factor authentication to Off.

How to reset a team member’s 2-factor authentication method

If you're a Dropbox team admin, you can reset a team member’s 2-factor authentication method. You may need to do this if they change their phone number or mobile device.

To reset a team member’s 2-factor authentication method:

  1. Log in to dropbox.com with your admin credentials.
  2. Click Admin console.
  3. Click Members in the left sidebar.
  4. Click the  (more options) next to the team member who needs their 2-factor authentication method reset.
  5. Select Reset two-factor authentication.
  6. Click Reset.

Your team member will receive an email notification that their 2-factor authentication method has been reset.

Was this article helpful?

Let us know how why it didn't help:

Thanks for letting us know!

Thanks for your feedback!

Community answers

Related Articles

Access personal information on your Dropbox account

Discover how to access personal information such as files, account and hardware information, and communications on your Dropbox account.

View article

Create account

Dropbox can be a home for all of your files. Learn how to sign up for Dropbox, how to set up and install Dropbox apps, and how to add files to your account.

View article

Dropbox for teams: Can admins see my account?

If you’re a member of a Dropbox team, your admin can access your account. Learn more about how this affects sharing, devices, and file access.

View article

How to delete your Dropbox account

Deleting your Dropbox account deletes all of your account and file data and can't be undone. Learn how to permanently delete a Dropbox account.

View article

Other ways to get help

Icon depicting two people
Community
Bird icon
X
Icon depicting a speech bubble
Contact support