You may need to do occasional housekeeping on your Dropbox account, such as changing your email address, password, or various preferences; managing linked devices, Web sessions, and apps; and adding extra storage. This chapter covers many of these tasks, with a particular emphasis on Dropbox’s security features and settings.
All the account management tasks I discuss in this chapter can be performed on the Settings page of the Dropbox Web site. To get there, go to dropbox.com, sign in if necessary, click your name in the upper-right corner of the page, and click Settings—or, to get there directly, go to the Dropbox Settings page.
The Settings page is divided into three tabs: Profile, Account, and Security. Because many of the settings on these tabs are self-explanatory or covered elsewhere in this book, I don’t list them all here, but I recommend browsing through them to acquaint yourself with what’s where. A few quick tips, however:
If you want to automatically download and install “testing” (that is, beta) versions of the Dropbox app, and receive invitations to try out new features before they’re available to the general public, scroll down to the Preferences section at the bottom of the tab and select “Include me on early releases.”
You can also click Extended Version History (under Available Add-ons) to subscribe to the extra-fee service that maintains deleted files and older versions for a year (see The Extended Version History Option).
Because security is such an important consideration, I want to take a brief detour to discuss how Dropbox does and does not protect your data. Then I’ll explain how to perform several security-related tasks.
How safe are the files you put in your Dropbox? Is it secure enough for sensitive files? When push comes to shove, can you trust it?
First the good news. Every file Dropbox stores in the cloud is encrypted with 256-bit AES, which is widely considered to be a highly secure encryption algorithm. In addition, all your data is encrypted with SSL while in transit between your devices and the cloud. So, you need not worry that someone sniffing your Web traffic will be able to see the files you’re syncing to or from your Dropbox, and as long as your password doesn’t get out (see the sidebar Your Dropbox Password, ahead), your data should be safe while it’s in the cloud too.
But there’s a wee catch. Dropbox holds the encryption key, so although your data might be entirely safe from outsiders, it is not safe from Dropbox employees (and therefore, it could be provided to law enforcement if necessary). Now, I hasten to say that Dropbox has many controls in place to prevent employee access to your data except under rare and extreme circumstances (visit the page How Secure Is Dropbox? for details), but I’m just saying: those wonderful policies and technical measures go poof as soon as a court order or subpoena appears. (You can read about the circumstances in which Dropbox may access your data in its Privacy Policy.)
So, even though I consider Dropbox to be secure enough for most day-to-day personal and business use, it’s not bulletproof. In particular, if your business is subject to HIPAA (Health Insurance Portability and Accountability Act) requirements in the United States or to any of numerous other privacy laws, this sort of cloud storage may be a complete nonstarter, because you don’t control the data storage or the encryption keys.
Of course, nothing prevents you from using your own software to encrypt data with a private key before you store it in your Dropbox. If you do that, then even if Dropbox did have to turn over your data to the authorities, it would be useless to them without your private key. The problem, however, is that you’ll be able to access those encrypted files only in apps that explicitly support the type of encryption you’ve chosen. Only a few encryption apps connect with Dropbox and run on multiple platforms, and even when they do, using them locks hundreds of otherwise useful apps out from your encrypted data.
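To make the idea above concrete, here is an added example (not from the book and not Dropbox's code) that encrypts a file with a key only you hold before it enters the synced folder. It assumes the third-party Python `cryptography` package, a passphrase-derived AES-256-GCM key rather than a literal private key, and a made-up `CSE1` container layout; all function names are hypothetical.

```python
import hashlib
import os
from pathlib import Path

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"CSE1"  # hypothetical container tag, invented for this example


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt stretches the passphrase into a 256-bit AES key that never leaves your device.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


def encrypt(plaintext: bytes, passphrase: str, name: str) -> bytes:
    salt, nonce = os.urandom(16), os.urandom(12)  # fresh per file, stored in the clear
    # The file name is authenticated (not encrypted) so ciphertexts cannot be swapped.
    sealed = AESGCM(_derive_key(passphrase, salt)).encrypt(nonce, plaintext, name.encode())
    return MAGIC + salt + nonce + sealed


def decrypt(blob: bytes, passphrase: str, name: str) -> bytes:
    if len(blob) < 48 or blob[:4] != MAGIC:  # 4 tag + 16 salt + 12 nonce + 16 GCM tag
        raise ValueError("not a container produced by encrypt()")
    salt, nonce, sealed = blob[4:20], blob[20:32], blob[32:]
    try:
        return AESGCM(_derive_key(passphrase, salt)).decrypt(nonce, sealed, name.encode())
    except InvalidTag:
        raise ValueError("wrong passphrase, renamed file, or modified ciphertext") from None


def encrypt_into_sync_folder(src: Path, sync_folder: Path, passphrase: str) -> Path:
    # Only this .enc file should live in the synced folder; the plaintext stays outside it.
    out = sync_folder / (src.name + ".enc")
    out.write_bytes(encrypt(src.read_bytes(), passphrase, src.name))
    return out


def decrypt_from_sync_folder(enc: Path, passphrase: str) -> bytes:
    return decrypt(enc.read_bytes(), passphrase, enc.name[:-len(".enc")])
```

The `.enc` file is opaque to Dropbox and to every other app connected to it, which is exactly the trade-off described above.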
Like Google, Apple, Evernote, Facebook, Twitter, and an increasing number of other companies that store private information in the cloud, Dropbox offers an optional security enhancement called two-step verification. If you activate this feature, then each time you sign in to Dropbox on a new device, you must supply not only your password but also a 6-digit code that changes every 30 seconds. You obtain the current code, when needed, by way of either a mobile authenticator app (which you can install on your smartphone or tablet) or an SMS message sent to a mobile phone.
Two-step verification is safer than a password alone because it means that someone who steals or guesses your password can’t get into your account without also having your mobile device (and vice-versa). However, bear the following facts in mind:
The Dropbox Web site provides instructions for enabling two-step verification, and I won’t repeat them here. However, one thing that the instructions don’t make clear is that although you have to choose between using an app (such as Google Authenticator or 1Password) and an SMS message for authentication, there’s a way to keep both options available. To do this, choose Use Mobile App when prompted to pick a method, and then later you’ll be asked if you also want to add an SMS-capable phone number as a backup. So, do that too. Then, if you’re ever in a situation where you’re signing in to Dropbox and you prefer to use SMS rather than a mobile app, click the “I lost my phone” link, and you can then receive your code by SMS (without in any way affecting your ability to use a mobile app in the future).
In any case, when you sign up for two-step verification, Dropbox provides you with a 16-character emergency backup code that you should keep in a safe place. If you ever find yourself without access to your mobile authenticator app or SMS, the recovery code will serve as a secondary password, enabling you to sign in.
Just as Dropbox lets you Manage App Authorizations as discussed in the previous chapter, it keeps track of which devices and Web browsers are signed in to your account and lets you view or manage them.
When you install the Dropbox app on a Mac, PC, or mobile device and sign in, Dropbox links that device to your account, which means it remembers that you’ve authorized access for that device and won’t continually prompt you for your credentials.
To see which devices are linked, go to the Security tab of the Dropbox Settings Web page and scroll to the Devices section (Figure 81). To rename a device (which merely changes its label on this page, so it’s easier for you to tell devices apart), double-click it, type a new name, and click Save. (My testing suggests that only computers, and not mobile devices, can be renamed in this way.) To unlink a device so it stops syncing with Dropbox, click the X icon, and then click Unlink Device Name to confirm.
Another way to unlink a computer, assuming you still have physical access to it, is to go to Dropbox’s preferences window, click Account, and click Unlink This Dropbox.
The Security tab also shows any open Web sessions (Figure 82)—that is, browsers on which you’re signed in to your Dropbox account. If you select the “Remember me” checkbox when you sign in, Dropbox considers that session “open” even after you quit the browser. To force any of these sessions to end, click its X icon. The next time you visit the Dropbox site in that browser on that computer, you’ll have to sign in again.
If the 2 GB of storage you get with a free Dropbox Basic account isn’t enough, you can pay for more (see Upgrade to Dropbox Pro, next). But even without paying Dropbox another cent, you can earn as much as 16.75 GB of bonus space, for a total of up to 18.75 GB; paid Pro users can earn up to 32.75 GB of bonus space, for a total of up to 1.03 TB.
You can see what storage you’ve earned so far on the Account tab of Dropbox’s Settings page: under “Earn more space,” click “View all space earned.” To see what options are available for adding space to your account, visit the Get more space page and sign in if the site asks you to.
As of February 2016, you can obtain additional free storage in the following ways:
If even the bonus space you can earn for free isn’t enough for your needs, you can pay Dropbox monthly or yearly for Dropbox Pro, which includes 1 TB of additional storage. In addition to the extra space, Dropbox Pro lets users share folders with read-only access (see Invite Someone to a Dropbox Folder), add a password or expiration date to any shared item (see Manage Permissions and Expiration), request files from anyone (see Request Files), and remotely wipe a lost or stolen device (see Remotely Wipe Dropbox Contents from a Device); plus, Dropbox Pro subscriptions can optionally include The Extended Version History Option.
To upgrade to Dropbox Pro, choose Your Name > Upgrade or go directly to the Dropbox Plans page. Click Upgrade and follow the prompts to provide your payment information. (Once you’ve upgraded to Dropbox Pro, the Upgrade button becomes Change Plan; you can use this to go back to a Dropbox Basic account if you wish.)
You can use your additional storage space and other new features immediately. And that’s it—almost entirely painless.