
ITCorner
New member | Level 2
12 months ago

MFA can be switched off in fact

If you set MFA as required for all, users will set up their phone numbers as the second stage of login, for a code via SMS.

During login with MFA, on the screen for the code from SMS, users can mark the checkbox 'trust this machine' (or similar wording).

From that time the user will not be asked for the SMS code anymore. That is wrong, because it goes against the admin settings for MFA. The user CAN switch it off in fact.

The user can do that on a computer which does not belong to them, etc.

From a security perspective it should be corrected immediately. At minimum, the "trust" checkbox on the screen for the SMS code should NOT be displayed when MFA is marked by the admin as mandatory. Try to imagine that a user first saves the password and login on such a computer and later turns on (marks) "trust this machine", and boom, big problems.
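The policy problem described in the post, modelled as an added example (constructed code, not Dropbox's implementation): a second-factor decision that lets a user-set "trust this machine" flag override an admin-mandated MFA setting, beside the corrected decision the post asks for, where admin-mandated MFA always prompts and the trust option is not offered. The `TenantPolicy`, `TrustedDevice` and `LoginContext` names, the trust TTL and the audit reason strings are assumptions for illustration.

```python
"""Second-factor decision for an SMS-code login step (constructed example).

Two evaluators are shown: the behaviour the post describes, and the
hardened behaviour in which admin-mandated MFA cannot be bypassed by
a per-device trust flag. Each returns (needs_sms_code, audit_reason) so
the reason a second factor was skipped can be logged and reviewed.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class TenantPolicy:                 # hypothetical tenant settings
    mfa_required_by_admin: bool     # "MFA required for all" in the admin console
    allow_trusted_devices: bool = True
    trust_ttl_days: int = 30        # how long a device trust record stays valid


@dataclass
class TrustedDevice:                # record created when a user ticks the checkbox
    user: str
    device_id: str
    age_days: int                   # constructed stand-in for issued_at vs. now


@dataclass
class LoginContext:
    user: str
    device_id: str
    trusted: List[TrustedDevice] = field(default_factory=list)


def _valid_trust(policy: TenantPolicy, ctx: LoginContext) -> bool:
    """Trust counts only for this user, this device, and within the TTL."""
    return any(t.user == ctx.user and t.device_id == ctx.device_id
               and t.age_days <= policy.trust_ttl_days for t in ctx.trusted)


def needs_sms_code_as_described(policy: TenantPolicy, ctx: LoginContext) -> Tuple[bool, str]:
    """Behaviour the post complains about: device trust wins over admin policy."""
    if _valid_trust(policy, ctx):
        return False, "skipped: device trusted by user (admin policy ignored)"
    return True, "required: device not trusted"


def needs_sms_code_hardened(policy: TenantPolicy, ctx: LoginContext) -> Tuple[bool, str]:
    """Suggested fix: admin-mandated MFA always prompts; trust only applies otherwise."""
    if policy.mfa_required_by_admin:
        return True, "required: mandated by admin"
    if policy.allow_trusted_devices and _valid_trust(policy, ctx):
        return False, "skipped: device trusted within TTL"
    return True, "required: device not trusted or trust expired"


def offer_trust_checkbox(policy: TenantPolicy) -> bool:
    """Only show 'trust this machine' when the admin has not made MFA mandatory."""
    return policy.allow_trusted_devices and not policy.mfa_required_by_admin
```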

  • Walter
    Dropbox Staff

    Hi there ITCorner, thanks for taking the time to share your thoughts on this with us, and happy Friday!

    Your feedback has been noted in our system and you can let us know if you have anything else to add.

    Thanks so much!