You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
nodesk
10 months agoHelpful | Level 5
Is there an ultimate recourse for 2FA deactivation ? (entirely locked out of my account)
Hi there, The situation is simple: I used to have dropbox and stopped using it years ago. Now i'd like to come back. I have lost access to my account and have no recovery option available at all....
- 10 months ago
Bumping the thread for future readers in search of a definitive/authoritative answer on that question.
Dropbox support finally gave me an unambiguous answer, and it's a no.
They do not have a process for unlocking accounts if you lose all your means of access as described in my original post. So, if you do, you're done.
Excerpt from the exchange I had with them (translated from the original language):
"""
For security reasons, we can't disable 2FA for you because your email address isn't proof enough of your identity. If you can't use your 2FA code and don't know you recovery codes, we can't help you in accessing your dropbox account
"""
Note that there is still some wiggle room where they say "your email address isn't proof enough", when I told them I could provide much, much more proof of identity and ownership of the account, BUT it seems to me that their internal processes stop there when it comes to account recovery for reasons other than death of a user (see prior messages in this thread for details on that).
Rich
Super User II
nodesk wrote:
Is there a team inside the Dropbox company that can, on a case-by-case basis, turn off 2FA for a lost account ?
You can try contacting Support, but without access to the emergency backup codes it's very unlikely that you'll be able to gain access to the account again. Ultimately, you enabled a system to prevent access to the account without an authorization code, and now you're trying to sign in without that code. It would be a pretty big security issue if Dropbox bypassed that.
To contact Support, visit the Support page while you're NOT signed in to a Dropbox account, including these forums, and you'll see an option for sign in issues. It's best to use an Incognito or Private browsing session to make sure you're not signed in.
nodesk
10 months agoHelpful | Level 5
Yes, you are correct on all points.
One thing that should be 100% impossible is for a company that says the user's data is encrypted with unknown-to-them keys, to be able to decrypt the data. Obviously, that would indicate they're not being truthful.
In this particular case though it's not about the data but rather about reseting the 2FA codes or disabling them entirely, which the company surely has the ability to do, although it may be entirely out of their procedure, which I would find perfectly understandable. As you said, that can open potential avenues for foul-play and not every company may want to have such a procedure exist at all, eventhough it would be technically possible.
One last thing to consider is: deceased person account recovery.
I unfortunately have had to go through that procedure myself not so long ago. Dropbox, like many companies (I don't know if it's a legal obligation or not), have procedures for people to recover access to deceased people's account, provided you can show legal proof that the person is indeed deceased and that you are a spouse, a heir or a person with legal authorisation to access the defunct's account.
In my family's case, we followed the procedure, and Dropbox did indeed provide us access to my relative's account eventhough it was a 2FA protected account that we didn't have access to.
So this is just another anecdotal but relevant information to drive the point that technically, they can do it.
But of course, in this case, I'm still alive and kicking 🙂
Anyways your point still stands. Thank your for your suggestions, I have a ticket open already.
Cheers 🙂
-----
For reference:
https://help.dropbox.com/en-en/account-settings/access-account-of-someone-who-passed-away
- nodesk10 months agoHelpful | Level 5
Bumping the thread for future readers in search of a definitive/authoritative answer on that question.
Dropbox support finally gave me an unambiguous answer, and it's a no.
They do not have a process for unlocking accounts if you lose all your means of access as described in my original post. So, if you do, you're done.
Excerpt from the exchange I had with them (translated from the original language):
"""
For security reasons, we can't disable 2FA for you because your email address isn't proof enough of your identity. If you can't use your 2FA code and don't know you recovery codes, we can't help you in accessing your dropbox account
"""
Note that there is still some wiggle room where they say "your email address isn't proof enough", when I told them I could provide much, much more proof of identity and ownership of the account, BUT it seems to me that their internal processes stop there when it comes to account recovery for reasons other than death of a user (see prior messages in this thread for details on that).
- JennSymons3 months agoNew member | Level 2
I have a similar situation. My dropbox account got hacked this morning. The hacker changed my password and also SET UP 2 factor authentication to go to THEIR authenticator app/phone. I did not previously have 2 factor set up. So now, anytime I try to reset my password, I get the first email with a 6 digit code from dropbox, but then can't get past the second layer saying to check my authenticator app for a code, since I wasn't the one who set that up....any experience with this?
In additon, the hacker has spammed hundreds of contacts with a dropbox link sending as me from dropbox AND changed my billing settings by setting up a "Pay App" dropbox account.
Super frustrating that support doesn't reply as a human. it simply sends bot links suggesting to login for more resources....wish i could! Please help, as this is my work account with thousands (10 years) or corporate photos.
- Hannah3 months agoDropbox Staff
Really sorry to hear about this, JennSymons.
I think that at this point, there's not much to be done here on the Community.
What you'll need to do is contact our support team, which is possible if you follow these steps:
- Open a private browsing/incognito window on your browser and go to this page.
- Choose your issue type and fill out the rest of the form.
- Click "submit".
Let us know once you have your ticket number.
About Security and Permissions
Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.
Need more support
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!