How to protect your Dropbox account

Drew Houston, chief executive and co-founder of Dropbox Inc., speaks before a Bloomberg West interview in San Francisco in April.
(David Paul Morris / Bloomberg)

With the equivalent of nearly the entire U.S. population using Dropbox around the world and 1 billion files being saved onto the cloud storage service each day, the San Francisco startup has no shortage of reasons to keep data secure.

But because people tend to use the same email/password combination across the Internet, a breach at one website means hackers get the keys to a bunch of websites, including Dropbox.

Dropbox said Monday that a list of logins were in fact exposed online through some other hack, compromising an untold number of Dropbox accounts.

Dropbox users can protect themselves with an extra layer of security with two-step verification: In addition to a password, they must enter a code received through text message or a mobile app when logging in from a new device.


In case hackers get past that, people can also encrypt their files before uploading them to Dropbox. While Dropbox locks up data in transit and in storage, the company holds the keys. Encrypting information before uploading it to the cloud leaves one set of keys in just the user’s hands. The extra barrier is like adding a cast-iron security grill in front of a locked door.

For free, Boxcryptor encrypts files sent to Dropbox from two devices. Other options include Viivo and VeraCrypt. The downside is encrypting files may require a desktop or a laptop, and uploads to Dropbox may be slower. It’s the typical convenience versus security trade-off.

Or consumers could heed Edward Snowden’s advice and ditch Dropbox altogether in favor of cloud storage services such as SpiderOak and Tresorit that say they don’t store any keys.

Chat with me on Twitter @peard33



Get our weekly Business newsletter

Tips for how you and your finances can get through the pandemic.

You may occasionally receive promotional content from the Los Angeles Times.