This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
English
Announcements
Check out the Dropbox cheat sheet for getting started in 2021 here!

Dropbox ideas

Got an idea for Dropbox? We want to hear it. Our team will review the top voted ideas, so share them here!

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

2FA should be required to change password, change email and disable 2FA

See more ideas labeled with:

2FA should be required to change password, change email and disable 2FA

Matteo R.1
New member | Level 2
‎01-07-2020 04:27 AM
Status: Needs more votes
1 Comment (1 New)

2FA is a great thing to have. It is based on the idea that a password alone is not enough to authenticate.

However, if the password of an account is compromised by an unauthorized person, and this person gets access to a signed-in device, they can

- change the password
- change the email address and
- disable 2FA

without having to go through the 2FA - thus effectively preventing all means of access to the owner.

What is worse (and this is the personal experience of a colleague here), the Dropbox support will not be helpful in regaining access to the account for the legitimate owner. Their comment was simply "Unfortunately, there may be no action that we can take since the account's email was changed using the legitimate password to the Dropbox account."

I believe that in addition to asking the current password, a 2FA code should be required when editing the password, email and for disabling the 2FA, as these are very security-sensitive settings.

See more ideas labeled with:
  • 0 Likes
  • 1 Replies
  • 5,827 Views
0 Votes
1 Comment
Lusil
Dropboxer
‎02-11-2020 07:14 AM

Hey @Matteo R.1, thanks for sharing your thoughts with us!

This idea is going to need a bit more support before we share your suggestion with our team.

We’ve updated the status to encourage more users to back you up!

In the meantime, if you have any other questions or ideas about features that you'd like to see implemented in the future, just give us a shout. Cheers!

Status changed to: Needs more votes
Vote for this idea

Like this idea? Vote for it and we will give it the attention it deserves!

0 votes received Status: Needs more votes

Top voted ideas from the Community