Have you enabled two-step verification?

We want to encourage everyone to be proactive about their security online. That’s why we’re supporting National Cybersecurity Awareness Month by sharing simple steps you can take to protect your accounts.

Even if a website or app has strong security controls, your online accounts can become vulnerable to attack if you reuse passwords or have weak passwords. That’s why we strongly recommend turning on two-step verification for Dropbox and other sites that support it.

The idea behind two-step verification is to combine "something you know" (like your password) with "something you have" (like your phone) to add an extra layer of security. Once you’ve enabled this feature, Dropbox will either text you a six-digit security code to enter after your password or you can get the code from an authenticator app like Google Authenticator, which is useful if you can’t get a cell signal.

Having two steps rather than just one creates a stronger barrier against attackers. It’s also important to make sure you have strong, unique passwords for each website, app, or any other online accounts. Why? Because reused passwords are vulnerable passwords: once they’re compromised on one service, all other services will be exposed. Since it can be hard to remember dozens of passwords, we suggest using a password manager — which encrypts and keeps track of all your passwords. Pro tip: You still need to keep an eye out, even if you use strong, unique passwords and two-step verification.

For example, phishing sites and emails can try to fool you into giving up your password and/or verification code through a fake account login page. We also recommend using anti-virus and other security tools to protect your devices against advanced attacks that can infect computers or phones with malware to intercept passwords or verification codes. Stay tuned for additional security tips and information on the blog next week!

Setting up two-step verification on Dropbox only takes a minute — learn how here.