cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
What’s new: end-to-end encryption, Replay and Dash updates. Find out more about these updates, new features and more here.

Settings and Preferences

The Dropbox Community is here to help if you have questions about your account settings and preferences. Learn and share advice with members.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Two factor problem = account lost. user since 2009.

Two factor problem = account lost. user since 2009.

joaochora
Explorer | Level 4
‎07-31-2018 08:00 AM
Go to solution

Good afternoon Dropbox Users and Community,


Today I want to share with everyone my experience with Dropbox for, maybe, Dropbox one day think on it and find a smart solution.. because as I will show you, **it happens!


First of all, I'm writting this text as [removed] (my 2nd account) but the problem is with my main account that I use since 2009 ([removed]).
I´m writting it from this account because I dont have access to my main account.


I'm military and I was in comission out of my country for more or less 1 year and my cell phone carrier cancel my cell phone number because I didn´t pay the monthly value. Of course I knew that will happen but I dont want to pay every month +/- 20€ knowing that I will not use it.. (at this time I was using dropbox without any problem in the desktop).


The time pass and some months after, the Android release the version 7.0 and my system got the update and format the cell phone.


Well I install all of my apps and configure again my bank account because many of them had 2-factor activated. Of course I got some problems in some of them to prove my identity.. (but I sent my id card and mac addresses of the devices that were previous connected to that accounts and all got solve! and we are talking about real money...bank account!).

One of the apps that I reinstall was Dropbox. And I though: "well currently I´m not using it in my cell phone so I configure it later" (again, at this time I was using dropbox without any problem in the desktop)...


The time pass and 1 year after I formatted my computer.


When I was installing all the applications that I had before, I face the problem that I´m sharing with you today... I couldnt access to my Dropbox account because:


Problem 1 - Cell phone number. I no longer have this cell number because it got deactivated.

Reaction 1 - I contacted my old cell phone company and they cant reactivate it because it is beeing sell in some store of the country and they cant know the location of it now.


Problem 2 - I dont have any devices with the dropbox information saved

Reaction 2: But I still have my Sony Xperia Z5 Compact and my desktop that were the last devices to access in my account.


Problem 3 - Unfortunatelly (my mistake) I didnt´t save the emergency pin code correctly... I though the best place should be where I expect never to lose it.. Inside of the dropbox.. So I cant reach it now...

To solve this I have:

Solution 1:
My Dropbox account is connected to my Gmail account.
My Gmail account is connected to my Facebook account and Bank Accounts.
My Gmail account is connected to my Paypal account and eBay account.
Can send you or do a remote connection with Dropbox to prove my identity through logins or send you some data of my bank that had at that time that contacts. this method BUT if it is not enough:

Solution 2:
About my cell phone number I still have extracts of the bank including my personal data . I also have papers with monthly payments to my old number. Can send you to prove my identity too. But even this method isnt enough:

Solution 3:
I still have the devices that were connected in the past to my Dropbox account.
I have the security codes that you sent me to my old number with the codes. I have that messages in my inbox! I also can send you pictures of the mac address and imei of the cell phone or the computer.


Well as you can see I can prove easily my identity if you decide to help a costumer and stop writting me default answers that dont help this situation.


(For the Community I already sent a ticket were I put some information of the solutions that I propose but for now there isnt solution).


For the Dropbox helper that will read this, I know that this is only valid if I write it from the correct email address but as long as I can´t do that, I have this ticket that have many information about this problem.

 

Ticket: #8172606

 

I think the solution to this isnt to go through weekly trying to contact my old phone number in the hope that there is already a user to resend me the pin code... This is absurd.

  • 1 Likes
  • 33 Replies
  • 9,036 Views
33 Replies 33

joaochora
Explorer | Level 4
‎07-31-2018 09:51 AM
Go to solution

No problem Mark... Currently Im trying that some dropbox supervisor check this situation..

 

I´m able to send them my personal id card and to do video call with them in live mode.. I think its the most honest way for them to check my identification and unlock my account.

 

Also, I created the account in 2009, and I dont remember if I put address and home phone number... If I entered it still the same so maybe they can send me by postal service a letter...or do me a call to my home.

 

Lets get hope...

0 Likes

Jay
Dropbox Staff
‎07-31-2018 09:59 AM
Go to solution
@joaochora wrote: 

"Account information. We collect, and associate with your account, the information you provide to us when you do things such as sign up for your account, upgrade to a paid plan, and set up two-factor authentication (like your name, email address, phone number, payment info, and physical address). Some of our Services let you access your accounts and your information via other service providers."

Physical addresses aren't associated with accounts, unless you're on a Business account or using manual invoices, as they're able to customize invoices for themselves. Even then, this information can't be used to regain access.

 

If this were the case, anyone could provide an address for a well-known company and ask for access to a random potential admin email, and if lucky, could get in.

 

"Contacts. You may choose to give us access to your contacts to make it easy for you to do things like share and collaborate on Your Stuff, send messages, and invite others to use the Services. If you do, we’ll store those contacts on our servers for you to use."

Note that it doesn't state that storing the contacts grants you to ability to access your account. If users could do that, we might have multiple accounts with the same contacts that could be breached.

 

"Usage information. We collect information related to how you use the Services, including actions you take in your account (like sharing, editing, viewing, and moving files or folders). We use this information to improve our Services, develop new services and features, and protect Dropbox users. Please refer to our FAQ for more information about how we use this usage information to improve our Services."

Again, this doesn't state you can use the information to help in regaining access to the account. What if your phone was taken and then they have access to the app? After verification of a few folders, the person could then take over your account entirely.

 

"Device information. We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services."

Once more, this cannot grant you access to the account, by simply knowing which devices you used to login to the app. Any person who has your devices could verify it very easily.

 

While it does seem that this is strict, these are security policies put in place to secure your data from any access. Even if you could provide an ID card, there's no log of it in the system to compare it to since we never requested it to begin with.

 

Only the emergency code can be used unfortunately.

Jay
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join!

Mark
Super User II
‎07-31-2018 10:17 AM
Go to solution
I can guarantee that even if you get to CEO level they wont let you access the account without the security you've set up - they've been exceptionally strict on this in the past.

Supervisors wont (and cant) override what the security team have said.

Without the systems you set up (i.e. the phone or security codes) that account is now lost.

 


:penguin::penguin: - :penguin: - :penguin: - :penguin:


Heart Did this post help you? If so please mark it for some Kudos below. 


:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.


:arrows_counterclockwise: Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible! 


 

joaochora
Explorer | Level 4
‎07-31-2018 08:32 PM
Go to solution
@Jay@ wrote
Again, this doesn't state you can use the information to help in regaining access to the account. What if your phone was taken and then they have access to the app? After verification of a few folders, the person could then take over your account entirely.

What if.. what if.. well my what if is that I still have the devices that I connected to my account! What if I show them to you directly in a videocall?

@Jay@ wrote
Once more, this cannot grant you access to the account, by simply knowing which devices you used to login to the app. Any person who has your devices could verify it very easily.

Once more... I don't simply know the devices, I still have them. Isn't it enough?

 

It's not about been strict, what is stupid here is that you (Dropbox) dont have another way to check the identity of the customers? Even Paypal and Banks have...

 

And the costumer service... I´m able to show you the last devices that connected to my account its so hard to do a videocall with the costumers (do the procedures of identity check with id cards / driver license) and then check the devices?

 

Elixir
Super User
‎08-01-2018 01:17 AM
Go to solution

Hi @joaochora, I would still insist you to try with your carrier to obtain the same number. I think, cell carriers can change the number associated with a SIM card (unless it is already taken). I changed my SIM card several times (when I needed a new 4G SIM, when I ported to another cell carrier etc.). Each time I went to the stores, and they just randomly picked a SIM card. I saw in its label that it was already assigned a mobile number. They enter/scan UID (separate from the mobile number) of a SIM card in their system, and ask me to enter my current number. Then I receive a code in my exhisting mobile, which required to input in their system for SIM transfer. But I heard that it is not so simple if you cannot receive the OTP on your current number. But, I hope if you can prove that you had the same number before (your phone bills), the carrier may agree to issue the same number like they do in case of a stolen phone. 

 

I agree with you that life would have been much easier if Dropbox had some alternative way to the verify your identity. But, in my opinion, they cannot implement the way a bank establishes identity for various limitations. Banks need your real identity: address proof, passport, social security nuber, and with that they have accees to other databases which are cross verified with photo, signature, biometric. I believe, the policy is similar with other web services (e.g., your Google account). They give you some emergency way out (backup codes, trusted devices etc.), unfortunately you fail to avail all the routes. 

Mark
Super User II
‎08-01-2018 02:50 AM
Go to solution
Sadly none of those suffice Joachora.

The only way to get the account back is via the security mechanisms you put in place - the security codes or the phone number.

 


:penguin::penguin: - :penguin: - :penguin: - :penguin:


Heart Did this post help you? If so please mark it for some Kudos below. 


:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.


:arrows_counterclockwise: Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible! 


 

0 Likes

Jay
Dropbox Staff
‎08-01-2018 06:47 AM
Go to solution
The last word I can give in this thread is as what I’ve mentioned previously, and Mark and Elixir, nothing else can be used to access your account, except your phone number and emergency backup code.

Video calls showing ID and driver’s license won’t help, since we never collected that information in the first place. If we required all users to submit ID when setting up two-step verification, we’d have a lot less users taking advantage of the feature, since they might not want us to have that info.

Banks and PayPal, by definition, need all information such as home address, phone number, ID, and so on for fraud reasons to even setup an account, so naturally there would be more ways to get yourself verified there.

Showing the devices in a video call wouldn’t be an option either, since owning the device doesn’t necessarily mean you own the account.

I’m not trying to be difficult, but the whole point of the ‘stupid’ strict rules (as you called them), is to prevent unauthorized users to access any account, without the required items. This is our procedure, and there isn’t any way we can be flexible on this matter.

Jay
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join!

joaochora
Explorer | Level 4
‎08-04-2018 03:21 AM
Go to solution

Jax,

 

If you think that this situation is fair and its solved what can I say?

 

I know that you dont have the id of the customers in first place BUT, you have my email right?

 

So the problem to unlock my account is that you cant confim my identity only though the email right? Because it can be compromised right?

 

So, maybe we can find another way to prove that the person of that email is me? And there is many ways to do it.

 

I have:

 

1 - My dropbox email  is connected to my gmail account.

2 - My gmail account is connected to Facebook/Twitter/Linkedin (so you just need to look the picture of that accounts).

3 - Also to confirm that the guy that you see in the social networks is me, I can provide you a videocall with my id card.

 

Easy!

 

About the devices,

I'm not talking about one device, I m talking about at least two devices.

If I have 2 devices that were previously connected to my dropbox account doesn't mean that I had that account?

 

And also,

I can tell you the last browser and computer that I connected to my dropbox account.

 

How many people in this world can have/know:

1 - The cell phone number that I had connected to my account? (because it appears like this: "+**********55*"?

2 - Have access through my email to all of my social networks?

3 - Show you my id card or driver license or military id (because i have one..) through one of the social networks or all?

4 - Showing the last devices connected to my account through videocall?

5 - Also, show you previously SMS that I received in that my cell phone to allow other devices in my account (if you cant confirm that codes because they were random, see my next point (6);

6 - Show you 7 SMS received from dropbox. You just need to confirm that in that GDH (date-time group) others devices were allowed to enter in my account.

7 - Known the last device that was connected? And the location? And the browser that I used?

8 - Known with who I have folders shared?

9 - Known, for example, a name of a file that I have inside of the dropbox?

 

Well I can answer you.. only the person of the account.

 

You, as Dropbox costumer, just need to lose some time confirming all of this data or asking permissions to your supervisors etc...but you know... in many companies no one wants to work out of the box.. that's why, in the near future, they lose the trust of the costumers and when try regain that is too late.

 

Also, if you just do smart move to check my files in my dropbox, I got there pictures of me so: 2 + 2 = 4 right?

 

Dropbox Email + Social Networks Emails = My ID

Dropbox Images Folder = My ID

 

Its hard to do it?

 

Remember in 2010 when I created my account, dropbox launch this new system of sharing files.

Today, there have many alternatives. And you, as representant of Dropbox, should keep the old users and help them! Or, maybe one day, this will just close.

0 Likes

joaochora
Explorer | Level 4
‎08-04-2018 03:44 AM
Go to solution

Well thanks for deleting my last answer 😉

0 Likes

joaochora
Explorer | Level 4
‎08-04-2018 04:26 AM
Go to solution

.

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Rich Super User II
  • User avatar
    alexmn1 New member | Level 2
  • User avatar
    jdcchora Helpful | Level 6
What do Dropbox user levels mean?