cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Musicians, convert your MuseScore files to PDF to play music on the go! Learn more here.

Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Six-digit security code involved in account login, although in settings the 2FA option is disabled

Labels:

Six-digit security code involved in account login, although in settings the 2FA option is disabled

Ricky Tigg
Explorer | Level 3
June

Good morning. By default, for the operation of connecting to a Dropbox account with a Dropbox Basic subcription, not only a password as a first authentication factor is required, but also an additional authentication, therefore a second, operating by sending a six-digit security code to the e-mail address attached to the account and the devices linked to it. I observe that there is an option to define as trusted the computer on which this connection operation takes place, in order to avoid receiving such a code.

 

Today, it's with great delay that I decide to investigate the underlying cause of this second factor of authentication being enabled, which brings me to the account settings. We see that the Two-step verification* option is disabled by default. As you may have already guessed, this leads me to wonder how a second authentication factor can then be involved in the login operation. I would appreciate an official justification for this practice. Greetings.

 

* Also known as two-factor authentication, 2FA.

Labels:
  • 0 Likes
  • 2 Replies
  • 507 Views
0 Likes
2 Replies 2

Rich
Super User II
June
@Ricky Tigg wrote:

We see that the Two-step verification* option is disabled by default.

What you're seeing isn't the usual two-step verification feature, which would use an authentication device such as a mobile phone. It's a one-time security code and Dropbox will request these anytime it doesn't recognize a device or feels the sign-in attempt may be suspicious.

 

0 Likes

Ricky Tigg
Explorer | Level 3
June

So something unknown remains as to the usage protocol when the Two-step verification option is active, because none of the pages relating to the connection - https://help.dropbox.com/account-access/enable-two-step-verification and https://help.dropbox.com/account-access/one-time-code - mention it. Which unknown places the service user in the uncomfortable position of not knowing what to expect when connecting. I dare to speculate that the one-time security code would not be applied because it would then involve three authentication factors, which could be considered disproportionate.

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Ricky Tigg Explorer | Level 3
  • User avatar
    Rich Super User II
What do Dropbox user levels mean?