Back in July, Dropbox usernames and passwords were compromised via third-party Web sites. As a result, Dropbox said it would work on adding more security features to help keep accounts safe. Almost a month later, the company's delivered an extra feature that you'll need to enable on your own: two-step verification.
For each new device you use to access the Dropbox Web site or service, you'll need to enter your current password and a security code using this new method. This code can be sent to you via SMS or be generated by a mobile authenticator app. Currently, Dropbox supports Google Authenticator, Amazon WS MFA (Android only), and Authenticator (Windows Phone 7).
Log in to your Dropbox account from a Web browser. Click on the user menu in the top-right corner, click on Settings, then go to the Security tab. Next, you'll need to click the "change" link next to "Two-step verification." After entering your password, you'll be prompted to pick a method of receiving authentication codes in the future.
If you choose SMS as your method of receiving codes, you'll just need to provide your mobile number. This is a great option if you're not using a smartphone, or if you don't use one of the authenticator apps that Dropbox supports.
In the case of mobile authenticators, you will need to scan or manually enter a code for Dropbox so it can provide security codes to you. For example, in Google Authenticator, just tap the Settings button on your device, then choose Add Account. From there use either the Scan or Manual option, whichever best fits your needs. Your Dropbox security code will appear as another entry in your authenticator app.
Enter the six-digit code from SMS or the authenticator app into the Web site. Dropbox will now show you a 16-digit code to be used in case you lose your device. Write this down or take a screenshot and keep the emergency backup code in a safe, handy place if you need to change the phone number your regular codes are sent to. Finally, click Enable for the two-step verification and you're done.
Adding extra security is always a good option, whether you feel there is sensitive data in the account or not. Just the smallest piece of stolen information can link to another account, leaving you and your private data vulnerable to those with ill intentions.
Now that Dropbox has two-step verification, hopefully more popular Web services will follow suit. This extra feature isn't going to protect you 100 percent of the time, but it's a step in the right direction.