Dropbox – 4 steps to keep your account from getting hacked

1. Use a Strong Password

For those that aren’t familiar with this term, a Strong Password is one that contains (where permitted by the website or service) a combination of lowercase letters, uppercase letters, numbers, and punctuation or other special characters. The longer the password is, the longer it will take for someone to guess or hack your password. This is an area where I am probably as guilty as everyone else. I have a “favorite” password or two that I liked to use in the past. This kept me from having to have a way to keep track of all the passwords that I used on different websites. With more websites adding additional layers of security such as challenge questions, etc., I have had to start using a password manager app to help keep track of the different passwords, the challenge questions and answers used on a particular website, the recovery procedure if I am locked out of a website, what additional login procedures I have used for that site, etc.

I use a password manager app called mSecure. It is a multi-platform (i.e., Windows, Mac, Android, iPhone, etc.) app, so that you have close to the same interface regardless of how you are using it. It also has several different ways to synchronize the password database, so that you should also have the same version of the login information on each of your devices that you use it on. There are a variety of apps to choose from in this area, so look for the one that works best for you.

2. Use a Unique Password

This one will be a bit of a pain, but the time taken to do this will pay off in the long run. Look at it this way: if one of your logins on a particular site is compromised or hacked, you have taken a step to minimize the potential for additional website logins to be breached as well. Most password manager apps have the functionality of helping you generate a unique password. There are other apps that do this as well. A search of the app store for your phone or the internet for your laptop/desktop should show you some options to look at.

Different websites have different rules for how you can make your password strong. Some will let you use “special” characters such as * or +; others won’t let you use those characters but will make sure that you don’t use a password that can be looked up as a dictionary word. Some will not allow the same character or number to be used repeatedly. Remember, the more unique a password is, the more difficult it is for someone to hack your account.
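As an added example (not part of the original post, and not how mSecure or any other password manager works internally), here is a small Python generator that draws a password from the operating system’s secure random source, enforces the kinds of site rules described above (special characters optional, every permitted class present, no character repeated back to back), and reports the guessing-work bound that grows with length:

```python
import math
import secrets
import string


def site_alphabet(allow_special: bool = True) -> str:
    """Character classes the post lists; some sites reject punctuation such as * or +."""
    base = string.ascii_lowercase + string.ascii_uppercase + string.digits
    return base + string.punctuation if allow_special else base


def has_all_classes(pw: str, allow_special: bool = True) -> bool:
    """Strong, in the post's sense: at least one character from every class the site permits."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if allow_special:
        classes.append(string.punctuation)
    return all(any(c in cls for c in pw) for cls in classes)


def has_adjacent_repeat(pw: str) -> bool:
    """True when a character is used twice in a row, which some sites forbid."""
    return any(a == b for a, b in zip(pw, pw[1:]))


def generate_password(length: int = 20, allow_special: bool = True, no_repeat: bool = True) -> str:
    """Draw a fresh, site-unique password from the OS CSPRNG, rejecting candidates that break the rules."""
    if length < 4:
        raise ValueError("too short to contain every character class")
    alphabet = site_alphabet(allow_special)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_all_classes(pw, allow_special) and not (no_repeat and has_adjacent_repeat(pw)):
            return pw


def entropy_bits(length: int, allow_special: bool = True) -> float:
    """Guessing-work bound for a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(site_alphabet(allow_special)))


if __name__ == "__main__":
    for n in (8, 12, 20):
        print(n, generate_password(n), round(entropy_bits(n), 1), "bits")
```

Each extra character adds about 6.6 bits when punctuation is allowed and about 5.95 bits when it is not, which is the quantitative form of “longer takes longer to guess”.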

3. Enable Two Factor Authentication

  • Login to your account
  • Click on your login name
  • Click on Settings
  • Click on the Security tab
  • Click on Enable beside Status on Two Factor Authentication
  • Click on Get Started button
  • Enter the password for your account

You can select 3A, 3B or 3C for the level of Two Factor Authentication you want to enable for your account. You do not need to implement all three of the following options. If you enable both SMS and the Google Authenticator client, you are given the option of using the Google client first. If you check the option on the screen about not being able to use the software authenticator, you will be given the option of using a code sent via SMS to the phone number on file. As a last resort, you have the option of using the Emergency Backup code.

3A. Using SMS for Two Factor Authentication

  • Select Use text messages
  • Click on Next
  • Enter the number for your Smart Phone
  • Click on Next
  • Enter the code that is sent to your Smart Phone
  • Click on Next
  • Click on Next to go past entering a backup phone number to send the code to
  • You will see a verification screen verifying enrollment in Two Factor Authentication
  • Write down the emergency access code (put this in your password manager app)
  • Click Enable two-step verification button

3B. Use a Two Factor Client (i.e., Google Authenticator or SAASPASS)

  • Select Use a mobile app
  • Click on Next
  • Do a screen capture of the QR code displayed on the screen
  • Put the screen capture in a safe place
  • Click on secret key link
  • Capture the secret key as an option to login if you don’t have your phone
  • Paste the secret key into your password manager app
  • Click on Next
  • Enter the 6 digit code displayed by your two factor client
  • Click on Next
  • Click on Next to go past the screen for entering a backup phone number
  • Click on Next
  • Copy the Emergency access code and put it in your password manager app
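Added example, not from the original post or from Dropbox: the 6-digit code your two factor client shows is computed from the secret key by the standard TOTP algorithm (RFC 6238: HMAC-SHA1 over a 30-second time counter), which is why the saved secret key or QR code screenshot can re-create the same codes on another device, and why both must be kept as safe as the password. It assumes the key is presented in base32, the otpauth convention authenticator apps use; the constructed test key below is the RFC 6238 reference secret, not a real Dropbox value.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def decode_secret(secret_b32: str) -> bytes:
    """Authenticator apps take the key in base32 (assumed here); tolerate spaces, lowercase and missing padding."""
    key = secret_b32.replace(" ", "").upper()
    return base64.b32decode(key + "=" * (-len(key) % 8))


def totp(secret_b32: str, at_time=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of `step`-second intervals since the Unix epoch."""
    if at_time is None:
        at_time = int(time.time())
    return hotp(decode_secret(secret_b32), at_time // step, digits)


def verify(secret_b32: str, submitted: str, at_time: int, window: int = 1, step: int = 30) -> bool:
    """What the service side does: accept codes within +/- `window` steps of clock drift, compared in constant time."""
    return any(
        hmac.compare_digest(totp(secret_b32, at_time + k * step, step), submitted)
        for k in range(-window, window + 1)
    )


# Constructed test key: the RFC 6238 reference secret "12345678901234567890" in base32 (not a Dropbox value).
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(RFC_SECRET_B32, at_time=59))  # RFC 6238 vector for T=59: 287082
    print(totp(RFC_SECRET_B32))               # the code an authenticator app shows right now
```

Pasting a real secret key from your password manager into `totp()` reproduces exactly what the app on your phone displays, which is the fallback the post describes for when the phone is not available.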

3C. Use Security Key

To use this option you have to go through either step 3A or 3B. The key I used for this part is the Yubico FIDO U2F Security Key. At this point, you should still be in the Security tab portion of your account.

  • Click on Add beside Security Key
  • Enter the password for your account
  • Click on Next
  • Click on Begin Setup
  • Insert the Yubico FIDO U2F Security Key
  • Click Key Inserted
  • Tap on the gold button on the key when prompted on the screen
  • When the key is registered, you will get a message on the screen
  • Click on the Finish button

4. Test Two Factor Authentication

  • Logout of your Dropbox account
  • Log back in and test the two factor authentication
  • Enter your username and password
  • Follow the steps on the screen as indicated for the two factor authentication you have set up

With Dropbox, you have the option of using the Two Factor Authentication method you initially set up before adding the FIDO U2F key. If you don’t have that key available, click the Use mobile authenticator option to use that method instead.

For other posts in this series, please use this link – http://www.ronnutter.com/category/social-media/

If you would like to be notified when my book “Protecting Your Online Presence” is released, please click on the title and you will get an email as soon as the book is released for publication. Thanks for your interest!
