We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.

Forum Discussion

stalkerski's avatar
stalkerski
Explorer | Level 3
2 years ago

Question about two-step verification

Two-step verification, when connected Security keys how to remove the authorization method through the Authentication Application since it is no longer necessary and even lose the level of protection

Account Access
Security
  • Walter's avatar
    Walter
    Icon for Dropbox Staff rankDropbox Staff
    2 years ago

    Hey stalkerski, welcome to our Community and thanks for using Dropbox!

     

    Can you please clarify what exactly you'd like to accomplish here?

     

    Do you want to disable the Authentication App as a way to log into your account since you're using security keys now, am I getting this right? 

     

    Let me know more and we'll take it from there. 

    • stalkerski's avatar
      stalkerski
      Explorer | Level 3
      2 years ago

      yes, you understood me correctly, because e. keys is considered the highest level of security, and it seems to me that its meaning is lost or a less secure way to unlock an account remains active. it's like coming up with a password for an account where you can go through authorization without a password.

      • Walter's avatar
        Walter
        Icon for Dropbox Staff rankDropbox Staff
        2 years ago

        So, in this case, you can change from using an authenticator app to receiving an SMS text to access your account or disable the feature in general. 

         

        Can you give this a go through your account's Security page and let me know if it helps stalkerski?

  • Enc's avatar
    Enc
    New member | Level 2
    2 years ago

    Security Keys like YubiKeys are not a gimmick. They are meant to increase security by replacing less secure methods of 2FA.

    The current process at dropbox forces me to have an SMS key or Authenticator app to use 2FA. Even when I add security keys SMS/Authenticator can not be removed. Therefore I cannot replace the less secure method with Security keys. Subsequently, security is not improved or even reduced, by allowing more methods.

     

    The suggestion is to allow only e.g. two security keys and disable all other 2FA methods. This ties the account to physical tokens and makes exploitation of access impossible.

    • Nancy's avatar
      Nancy
      Icon for Dropbox Staff rankDropbox Staff
      2 years ago

      Thanks for your suggestion, Enc

       

      Just a clarification; do you receive the 2FA code via SMS/Authenticator app, even if you add a security key as a 2FA method?

       

      Let me know, and we'll take it from there.

    • Jay's avatar
      Jay
      Icon for Dropbox Staff rankDropbox Staff
      2 years ago

      Hi Enc, are you available to respond to my colleague's message earlier?

    • Enc's avatar
      Enc
      New member | Level 2
      2 years ago

      I can choose what I can use as 2FA method. But I would like to get rid of the less secure method of SMS and only have security keys available. 

      I am not receiving an SMS if I didn't choose. But an attacker that is able to intercept the SMS can choose the SMS during his authentication. 

About Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

Need more support

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!