We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
Two factor problem = account lost. user since 2009.
Good afternoon Dropbox Users and Community,
Today I want to share with everyone my experience with Dropbox for, maybe, Dropbox one day think on it and find a smart solution.. because as I will sh...
Good morning Dropbox Users,
I had lost the full access to my Dropbox account.
I lost my cell phone number; the emergency codes; and all the devices that I had connected so I couldnt sign in.
After "fighting" with many persons that work in the costumer service of Dropbox and persons, that are suppose to help here in the community, I finally got a solution and I want to share with you it.
Remember this only works if you are the real owner of the account.
Things you must have:
1 - You must have a cell phone and/or another device where you had your account connected.
2 - Contact costumer service through chat and explain the problem. Open a ticket. (you must create another account to chat ).
3 - They will sent you a link to the email of your MAIN account. Follow the instructions.
4 - Contact again costumer support using the ticket number and ask to talk with a supervisor and provide these informations:
4.1 - Email of the account.
4.2 - Full name on the account.
4.3 - DTG (Date-Time Group) of the creation of the account.
4.4 - The cell phone number associatted to your account.
4.5 - Your actual city (where are you typing right now).
4.6 - The city where you did the last successfully login into Dropbox.
4.7 - The name of a file that you have recently uploaded to Dropbox.
4.8 - The name of a folder that you have created into Dropbox.
4.9 - The name of any person with whom you share a folder, AND the name of that shared folder?
4.10 - The name of any linked computer?
4.11 - Attach a picture of the mac address of the network card that you used the last time to connect to your Dropbox. (it can be a cell phone or computer).If you give those informations correctly they will check your situation, and if all its ok, they will sent you a link (that expire soon, so pay attention to the email address that you used to chat) that allows you to reset your password.
Hope it allows to solve situations like i had before.
For read my situation follow this link:
https://www.dropboxforum.com/t5/Manage-account/Two-factor-problem-account-lost-user-since-2009/td-p/...This really works for me. Hope it helps the next users that pass through the same problem.
I will follow this thread for help also who needs
Well you are complicating what are so simple,
Lets review Dropbox Policy Privacy:
https://www.dropbox.com/privacy
"Account information. We collect, and associate with your account, the information you provide to us when you do things such as sign up for your account, upgrade to a paid plan, and set up two-factor authentication (like your name, email address, phone number, payment info, and physical address). Some of our Services let you access your accounts and your information via other service providers."
Well can you check if I have a physical address associatted to my dropbox? If I have, maybe you can resent me a code by postal service...
"Contacts. You may choose to give us access to your contacts to make it easy for you to do things like share and collaborate on Your Stuff, send messages, and invite others to use the Services. If you do, we’ll store those contacts on our servers for you to use."
I can provide many contacts of persons that entered in Dropbox through me. Only I know that right? That´s why I got almost 16gb of Dropbox..
"Usage information. We collect information related to how you use the Services, including actions you take in your account (like sharing, editing, viewing, and moving files or folders). We use this information to improve our Services, develop new services and features, and protect Dropbox users. Please refer to our FAQ for more information about how we use this usage information to improve our Services."
I can provide you informations about my folders. Only I know right? And as your terms say: "We use this information to improve our Services, develop new services and features, and protect Dropbox users". So maybe you can use it...
"Device information. We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services."
I need to say anything about this? I can provide you cell phone imei / mac addresses anything that you need. And this informations are related to devices that were previous connected in my dropbox account as I can see them in the trusted devices.
Thanks.
Jay
Dropbox Staff
Dropbox Staff
joaochora wrote:"Account information. We collect, and associate with your account, the information you provide to us when you do things such as sign up for your account, upgrade to a paid plan, and set up two-factor authentication (like your name, email address, phone number, payment info, and physical address). Some of our Services let you access your accounts and your information via other service providers."
Physical addresses aren't associated with accounts, unless you're on a Business account or using manual invoices, as they're able to customize invoices for themselves. Even then, this information can't be used to regain access.
If this were the case, anyone could provide an address for a well-known company and ask for access to a random potential admin email, and if lucky, could get in.
"Contacts. You may choose to give us access to your contacts to make it easy for you to do things like share and collaborate on Your Stuff, send messages, and invite others to use the Services. If you do, we’ll store those contacts on our servers for you to use."
Note that it doesn't state that storing the contacts grants you to ability to access your account. If users could do that, we might have multiple accounts with the same contacts that could be breached.
"Usage information. We collect information related to how you use the Services, including actions you take in your account (like sharing, editing, viewing, and moving files or folders). We use this information to improve our Services, develop new services and features, and protect Dropbox users. Please refer to our FAQ for more information about how we use this usage information to improve our Services."
Again, this doesn't state you can use the information to help in regaining access to the account. What if your phone was taken and then they have access to the app? After verification of a few folders, the person could then take over your account entirely.
"Device information. We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services."
Once more, this cannot grant you access to the account, by simply knowing which devices you used to login to the app. Any person who has your devices could verify it very easily.
While it does seem that this is strict, these are security policies put in place to secure your data from any access. Even if you could provide an ID card, there's no log of it in the system to compare it to since we never requested it to begin with.
Only the emergency code can be used unfortunately.
- Mark
Super User II
I can guarantee that even if you get to CEO level they wont let you access the account without the security you've set up - they've been exceptionally strict on this in the past.
Supervisors wont (and cant) override what the security team have said.
Without the systems you set up (i.e. the phone or security codes) that account is now lost.
Jay@ wrote
Again, this doesn't state you can use the information to help in regaining access to the account. What if your phone was taken and then they have access to the app? After verification of a few folders, the person could then take over your account entirely.What if.. what if.. well my what if is that I still have the devices that I connected to my account! What if I show them to you directly in a videocall?
Jay@ wrote
Once more, this cannot grant you access to the account, by simply knowing which devices you used to login to the app. Any person who has your devices could verify it very easily.Once more... I don't simply know the devices, I still have them. Isn't it enough?
It's not about been strict, what is stupid here is that you (Dropbox) dont have another way to check the identity of the customers? Even Paypal and Banks have...
And the costumer service... I´m able to show you the last devices that connected to my account its so hard to do a videocall with the costumers (do the procedures of identity check with id cards / driver license) and then check the devices?
Hi joaochora, I would still insist you to try with your carrier to obtain the same number. I think, cell carriers can change the number associated with a SIM card (unless it is already taken). I changed my SIM card several times (when I needed a new 4G SIM, when I ported to another cell carrier etc.). Each time I went to the stores, and they just randomly picked a SIM card. I saw in its label that it was already assigned a mobile number. They enter/scan UID (separate from the mobile number) of a SIM card in their system, and ask me to enter my current number. Then I receive a code in my exhisting mobile, which required to input in their system for SIM transfer. But I heard that it is not so simple if you cannot receive the OTP on your current number. But, I hope if you can prove that you had the same number before (your phone bills), the carrier may agree to issue the same number like they do in case of a stolen phone.
I agree with you that life would have been much easier if Dropbox had some alternative way to the verify your identity. But, in my opinion, they cannot implement the way a bank establishes identity for various limitations. Banks need your real identity: address proof, passport, social security nuber, and with that they have accees to other databases which are cross verified with photo, signature, biometric. I believe, the policy is similar with other web services (e.g., your Google account). They give you some emergency way out (backup codes, trusted devices etc.), unfortunately you fail to avail all the routes.
Mark wrote:
I can guarantee that even if you get to CEO level they wont let you access the account without the security you've set up - they've been exceptionally strict on this in the past.
Supervisors wont (and cant) override what the security team have said.
Without the systems you set up (i.e. the phone or security codes) that account is now lost.Looks like I did it mate :)
Thanks for your guidelines too.
- MarkI'm am genuinely amazed (and disappointed in them actually) that you did. It defeats the whole premise of setting up 2FA if it can simply be disabled on a whim. This precedent has made Dropbox less safe :(
That said I'm pleased you got your stuff back. I cant imagine how I'd feel to loose all of mine.
