At Dropbox, security is our highest priority

Dropbox account security features help to protect your account from being accessed without your knowledge and approval.

• Two-factor authentication—require a six-digit security code or key in addition to a password to access your account.
• Device approval and management—get notified of logins from new devices, and remotely wipe Dropbox data from any device used to access your account.
• Dropbox Passwords—a zero-knowledge password manager to store, sync, and autofill your login details to seamlessly sign in to websites and apps. No one has access but you, not even Dropbox.

• Protecting files at rest—256-bit Advanced Encryption Standard (AES), the strongest method of AES encryption available, makes the files in yourcloud storage virtually-impossible to crack. It would take billions of years to break into a file protected in this way using current technology and so-called “brute force” methods.
• Protecting files in transit—Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used to protect data as it transfers between Dropbox apps and our servers.

Share in confidence. Dropbox provides multiple ways to share and monitor access to your files and folders:

• Share folders, links and files—no matter what you’re working on, or who you’re working with, securely share folders, links, and files from your cloud storage.
• File locking—lock files while editing to prevent unwanted edits from collaborators and avoid conflicting copies.
• File permissions—granular file permissions give you the power to control who can access individual folders and files, and the level of access permissions they have for each.
• Password-protected files and folders—password protect files and folders, to add an extra layer of security.
• External content reporting dashboard—view all files and folders shared outside of your team in a centralized dashboard. Require a password and expiration date for externally-shared links, and easily revoke access when necessary.

Give yourself peace of mind, reassured that your files are safe from accidental deletion, unwanted edits, or damage to your devices.

• Version history—roll files back to earlier versions without needing to create additional copies.
• File recovery—restore deleted files back into your cloud storage.
• Dropbox Rewind—recover from accidents or ransomware by reversing all changes to your content at the folder or account level.
• Dropbox Backup—automatically Backup computers—and connected external drives—directly to the cloud. Should anything ever go wrong, it’s quick to recover your content to any device.

The threat of data breaches and large-scale attacks requires constant vigilance. Our systems continuously monitor for and automatically react to signs of exposed account data.

• Vulnerability testing—Dropbox applications and infrastructure are regularly tested for security vulnerabilities, and hardened to enhance security and protect against attacks.
• Dark web monitoring—we continuously monitor the dark web for signs of data breaches, with automated systems to notify you if your information has been compromised.
• Ransomware detection—always-on monitoring quickly alerts you to potential attacks, and Dropbox helps recover your content without paying a ransom.
• Breach alerts and notifications—get immediately alerted to suspicious behavior like ransomware attacks, mass file deletion, excessive login attempts, and login attempts from unfamiliar or suspicious locations.

Save yourself the admin headache ahead of an audit and ensure all of your files are compliant from day one.

• GDPR compliant—GDPR compliance and requirements are a top Dropbox priority. In line with our commitment to the protection of our users’ data, we work hard to ensure that Dropbox and its services areGDPR compliant.
• Support forHIPAAcompliance—we’re committed to helping customers subject to HIPAA/HITECH regulations safeguard protected health information (PHI).
• SOC 1, 2, and 3 compliance reports—when you have high volumes of sensitive data in the cloud, you require superior security, privacy, and compliance controls— and regular reports on their effectiveness.
• Data classification—stay compliant with privacy and security policies. Automatically track and report on sensitive or confidential information in your cloud storage.
• Data Governance Add-On—secure and control your corporate data so you can meet your regulatory and compliance needs, while also reducing the risk and costs of not meeting them.

Learn more about our approach to security in our security practices white paper.