cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn about how Kev uses Dropbox to make sure he keeps track of all the new music he listens to? Check out his tips here

Dropbox ideas

Got an idea for Dropbox? We want to hear it. Our team will review the top voted ideas, so share them here!

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

2FA should be required to change password, change email and disable 2FA

2FA should be required to change password, change email and disable 2FA

Matteo R.1
New member | Level 2

2FA is a great thing to have. It is based on the idea that a password alone is not enough to authenticate.

However, if the password of an account is compromised by an unauthorized person, and this person gets access to a signed-in device, they can

- change the password
- change the email address and
- disable 2FA

without having to go through the 2FA - thus effectively preventing all means of access to the owner.

What is worse (and this is the personal experience of a colleague here), the Dropbox support will not be helpful in regaining access to the account for the legitimate owner. Their comment was simply "Unfortunately, there may be no action that we can take since the account's email was changed using the legitimate password to the Dropbox account."

I believe that in addition to asking the current password, a 2FA code should be required when editing the password, email and for disabling the 2FA, as these are very security-sensitive settings.

2 Comments
Lusil
Dropboxer

Hey @Matteo R.1, thanks for sharing your thoughts with us!

This idea is going to need a bit more support before we share your suggestion with our team.

We’ve updated the status to encourage more users to back you up!

In the meantime, if you have any other questions or ideas about features that you'd like to see implemented in the future, just give us a shout. Cheers!

Status changed to: Needs more votes
Jay
Dropboxer

This idea has been closed due to inactivity and can no longer be voted for. If you have a similar idea please share it with us here.

Status changed to: Closed
Vote for this idea

Like this idea? Vote for it and we will give it the attention it deserves!

0 votes received Status: Closed