cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Are you interested in hearing how one of our Community members uses Dropbox for sailing trips? Read all about it here.

Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Potential security problem with Google Sign-In, even with 2FA when accessing my account.

Potential security problem with Google Sign-In, even with 2FA when accessing my account.

icab_80
New member | Level 2
4 weeks ago

I have an Android phone with a Google account. If I install the Dropbox app, the login screen prompts me to use Google Sign-In to log in to my Dropbox account. If I accept, I get automatically logged in without needing my username and password. If I activate 2FA beforehand from my PC and then use Google Sign-In, then I get an SMS code in the same phone where I'm trying to log in from.

 

This means that, even if I don't use Dropbox on my phone and only use it from my PC, anyone who has access to my phone could download the Dropbox app and access my account without needing my username and password, even if 2FA is activated.

 

I'd appreciate if anyone could tell me if I'm doing something wrong and this is normal behavior, or if this is a security problem, and in either case, how can I avoid it and completely disconnect my Google and Dropbox accounts from each other. Thank you!

  • 0 Likes
  • 1 Replies
  • 212 Views
0 Likes
1 Reply 1

Megan
Dropbox Staff
4 weeks ago

Hey @icab_80, welcome to our Community! 

 

Let me ask a few things, to make sure we're on the same page. 

 

You mentioned "If I activate 2FA beforehand from my PC and then use Google Sign-In, then I get an SMS code in the same phone where I'm trying to log in from". Is 2FA currently enabled for your Dropbox account? 

 

I'm asking because if 2FA is enabled on a Dropbox account, you'll still need to enter a Dropbox multi-factor authentication code before logging in with Google. Is this not the case when you use your mobile app? 

 

Let me know more, and we'll take it from there!

Megan
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join!

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Megan Dropbox Staff
What do Dropbox user levels mean?