cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Find out how Tiffany, a Customer Experience superstar uses Dropbox to keep her family in the loop when it comes to her new baby here!

Dropbox ideas

Got an idea for Dropbox? We want to hear it. Our team will review the top voted ideas, so share them here!

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

2FA should protect "Selective Sync" too

2FA should protect "Selective Sync" too

natv
New member | Level 2

If 2FA is enabled on Dropbox, it should require the 2FA code before allowing changes to be made to the "selective sync" settings.

 

One some computers (work versus home PCs for example) there may be specific folders you don't want on the other.  2FA should protect from someone accessing your Dropbox settings on a PC and enabling more folders to sync.

 

 

8 Comments
natv
New member | Level 2

Please help vote/comment:

 

Dropbox suggestions:

https://www.dropboxforum.com/t5/Dropbox/2FA-should-protect-quot-Selective-Sync-quot-too/idi-p/238410...

 

 

 

If 2FA is enabled on Dropbox, it should require the 2FA code before allowing changes to be made to the "selective sync" settings.

 

One some computers (work versus home PCs for example) there may be specific folders you don't want on the other.  2FA should protect from someone accessing your Dropbox settings on a PC and enabling more folders to sync.

 

Mark
Super User II
Hi Natv,

I agree this would be a nice feature *but* it would need more than just that because I simply could navigate to www.dropbox.com on that computer and view all of the files anyway. Selective Sync just stops them being installed on a device. It doesnt stop them being accessible in other ways.
natv
New member | Level 2

Shouldn't 2FA then also apply to web logins?

 

 

Mark
Super User II
It does - if the software is not installed.

If the software is installed you can go straight to www.dropbox.com/home and be logged in. You dont need to do any additional logging in as the software has done it all for you.
natv
New member | Level 2

I see, that's pretty bad security in my opinion.  Hopefully someone at Dropbox sees this and reviews how this is all working.

 

I understand that you're already logged in on the PC, but I still think to access the web interface and to make changes like changing the selective sync options it should trigger a 2FA request.

Mark
Super User II
There was a similar thread recently where Dropbox replied that they take on board concerns but it isnt something which is going to change any time soon - if at all.

Dropbox is designed to be a single user product. By that I mean 1 user = 1 install on a computer operating system account. So its designed that the account is secured and thus the folder etc. is.

The work around given is, if needed set up a second account to use on a work machine and share folders between that one and your personal one. That way things cannot get misused.
James C.87
Helpful | Level 5

@natv wrote:

If 2FA is enabled on Dropbox, it should require the 2FA code before allowing changes to be made to the "selective sync" settings.

 

One some computers (work versus home PCs for example) there may be specific folders you don't want on the other.  2FA should protect from someone accessing your Dropbox settings on a PC and enabling more folders to sync.

 

 


This seems to be conflating separate problems.

 

1.  In order to control Selective Sync on your PC, the Dropbox application must be running and connect to your Dropbox account. So the application has already been authorized to control Selective Sync by virtue of that login.

 

2.  In order to run applications (which may have account-related storage of application credentals) on your PC, you must authenticate to the OS with your account credentials. This is unrelated to Dropbox itself.

 

Thus, if someone else has access to your account on your PC and any application has been granted access to any resources, 2FA is moot. Your PC security needs to be improved. This is out of scope for Dropbox. 

Daphne
Dropboxer

This idea is going to need a bit more support.

We've updated the status to encourage more users to back you up!

Status changed to: Needs more votes
Vote for this idea

Like this idea? Vote for it and we will give it the attention it deserves!

1 votes received Status: Needs more votes