Take Your Search Game to the Next Level with Dropbox Dash 🚀✨ Curious how it works? Ask us here!
Forum Discussion
My iPhone was stolen and two-factor authentication is preventing my account access.
My iphone was stolen, and two factor authentication is stopping me from logging in. A code is supposed to be sent to my new phone, but I never receive it. Sometimes I receive an error message that says there was an error sending the code. I changed my password on my account with the Apple Private Relay address, but I am not receiving the code, so I can’t logon. I have 2 factor authentication on, and I can’t get the code from the Auth App either because of the stolen phone. See attached screenshot with error message
Dropbox Support staff says I will never be able to recover my account because the email address is an Apple private relay address and I cannot send them an email from this address. This is ridiculous. I have recovered other accounts elsewhere that use Apple’s private relay address. Dropbox Support says they are going to just close my Help Desk Ticket without helping me further/with no resolution. This seems to be bad security recovery design. I would appreciate any help in gaining access to my account. I only have one device- my new iPhone. Thanks
8 Replies
- Rich
Super User II
I have 2 factor authentication on, and I can’t get the code from the Auth App either because of the stolen phone.
The two-step verification will be what's preventing you from gaining access to the account. If you're not able to receive the code, you'll need to use the emergency backup codes you were given when you enabled two-step verification. Without them there's no way to gain access to the account. Dropbox will not bypass two-step verification due to a lost device.
- Mark
This seems to be bad security recovery design
Its actually very very good security design. The whole point of 2FA is to ensure that only people who have the credentials can access the account, there shouldn't be a way to circumvent that.
The system DOES make you download and save secure 'emergency codes' for situations like this - when setting up 2FA you HAVE to download them and HAVE to say you have saved them. As Rich has said - without those the account is lost like Dropbox said.
There are many ways to securely verify identity. Other companies do that for locked accounts. Some also offer biometrics - face, fingerprint, voice, for example. Biometrics are much more secure than passwords, 2FA. Also, I had my cellphone number as a backup method, but apparently someone removed it from my account
Not true. Dropbox Advanced Support exists, and they can help users recover accounts even without the secret codes. Here is a post from someone in Dropbox forum:
“We did eventually hear from the advanced support team. They have suspended the account for now (which is excellent) and are giving us the opportunity to regain access through a questionnaire where we will provide several details on the account. So...for anyone that may come across this post, just be persistent. I know it is frustrating when there is no number to call and you are told your support request will be handled in 1 to 2 business days, only to be responded to and directed to "login and change the password on the account". I opened a second ticket referencing the first, not sure if that is what escalated it or just timing. Anyhow, it does appear that Dropbox has more ability to help than initially conveyed.”
So please stop telling users to give up because there is no way to recover their Dropbox account without the secret keys.
Will a staff person please have Dropbox Advabced Support staff contact me so my account can be recovered? And your level 1 support staff really needs to be managed. Their responses to me are incorrect and they refuse to escalate support tickets to Dropbox Advanced Support staff.
https://www.dropbox.com/support/ticket/24807547
but I didn’t ask them for the key. You will see the help I asked for was because my iPhone was stolen and I can’t get access to my Dropbox account. I’m trying to get my Google Auth App set up again so I’m trying to add a code. I want to try to get Google Auth working to see if that will get me in to my old Dropbox account. I just set up this new Dropbox account to ask the Community for help as I’m a novice at Dropbox account issues.
I’m also going to ask you to check your audit trail to see who removed my phone number from my account. I had that as a backup. The screenshot I included in this message was preceded by a screen that said I would receive a text with a code that I could use as an alternative to getting a code from the Google Auth App. I clicked to send me this code via text message and received the error message in the attached screenshot. I believe that is when someone removed my cell phone number from my old Dropbox account. I can send you my cell phone number via a private message if that would help you. I really want the audit trail investigated. This is clearly a hack by someone. I can give you more details in a private message if that would be helpful. Thanks for your help.- Megan
Dropbox Staff
Hey PrivRelay, I was able to locate your ticket number on our system and had a look into this.
I had a and I completely understand how frustrating it can be to wait for a resolution. And it's definitely important and vital to gain access to your Dropbox account.
I want to assure you that our specialized team is more than willing to investigate your case. However since this issue requires advanced tools and account visibility that we don't have available here in the community, your case is in the best possible hands with them.
Keep in mind that you'd need to follow their steps, and reply back using the email address linked to the Dropbox account facing the issue, in order for them to have more insight to the issue at hand.
While we can't intervene in their process, I've gone ahead and raised the priority of your communication to "High". In any case, we're here to support you and answer any other questions you might have.
Thanks a bunch!
The support staff has not helped me. They just copy and paste from online help, insult me, and their replies most recently tell me to login to read their replies when they know I can’t login - that’s why I’m asking support for help. I’ve never seen such incompetence from support staff, and I’ve been online for decades. Here is the error message I receive when I try to login to read their support replies. I had just tried to login. There was no too long since I logged in
Also, the screenshot I attached when I opened this discussion shows that the application was trying to send me a code via text/SMS but then I received an error message instead. I had my phone number on my account. It appears that my phone number was removed as your app was trying to send me the code so I could login. Again, I am asking that you review the audit trail to see who/how etc. my phone number was removed. If you cannot help me with this, please copy and paste this info onto my help desk ticket and refer it to a manager. Thanks
