There’s no denying the popularity of Dropbox. Boasting over 700 million registered users, it’s one of the original cloud storage services and one of the first to make mainstream the idea of storing files off your computer and in the cloud. Because Dropbox does many things well, it makes our list as one of the best cloud storage providers. Specific to this article, however, we’ll focus on Dropbox security.
Key Takeaways: Dropbox Security
- Unfortunately, Dropbox is no stranger to embarrassing data leaks, both internally and externally.
- Dropbox reaffirmed its commitment to security and is generally a secure experience for most users.
- Private encryption is not an option with Dropbox Personal, but it is coming to Dropbox Business.
Our Dropbox review covers the service more in depth. A big portion of what makes Dropbox (or any cloud provider) a viable option is its security or, put more simply, how well it protects your data. Data security applies both while you transfer files from your device to your cloud account and while your data resides on a cloud server.
Privacy — often discussed in tandem with security — determines who can access your account and how a cloud company uses your data. Zero-knowledge encryption, or private encryption, is a benchmark for a cloud storage service. If your account has private encryption, only you have access. Currently, private encryption is not an option for Dropbox, but it will be coming (more on this below).
04/01/2023 Facts checked
Rewritten to include Boxcryptor purchase and Dropbox alternatives.
For most users, yes, Dropbox is a secure cloud storage option, using 256-bit AES encryption for data at rest and TLS/SSL encryption protocols to protect data transfers. Privacy could be another issue, as Dropbox does not offer private encryption. With the recent purchase of Boxcryptor, it will be coming to Dropbox Business.
Two of the best ways to protect your Dropbox account are enabling two-factor authentication and using a hard-to-guess password. Additionally, changing your password frequently is another step in good internet safety practices. Other steps include signing out of devices, web sessions and apps, and keeping applications updated.
Yes, Dropbox Business has the same security features as Dropbox Personal. Dropbox recently purchased Boxcryptor, a third-party encryption program, and stated that zero-knowledge encryption would soon come to Dropbox Business.
How Secure Is Dropbox?
If you have or are considering opening a Dropbox account, you’ll be happy to know that your data is secured both in transit and at rest. However, as an online entity, Dropbox hasn’t been immune to security breaches. To its credit, Dropbox is open and transparent about protecting your data, including an in-depth Dropbox security whitepaper.
Dropbox protects your data at rest on its servers using 256-bit AES encryption. At a high level, the Advanced Encryption Standard is a symmetric cipher, and with a 256-bit key it protects stored data from common cyber security threats, such as brute-force attacks on the key. Our article on AES encryption explains how the process works in more detail.
When you transfer your files back and forth from your devices, Dropbox protects them using TLS/SSL encryption protocols. TLS/SSL protects the “hand-off” of data between device and server; without it, that traffic would be vulnerable to cyber threats, such as a man-in-the-middle attack.
Dropbox recently purchased Boxcryptor, and it has indicated that private encryption will be coming to Dropbox Business. As of this article, Dropbox has yet to mention if its personal accounts will enjoy the same level of privacy. However, you can increase the security of your data by enabling two-factor authentication and monitoring which devices and web browsers are signed in or linked to your account.
Other Dropbox Security Features
Two-factor authentication works as an additional layer of protection to your login. You must enter a security key or code when prompted to finish logging into your account. Without two-factor authentication, you’ll only need your username and password. Two-factor authentication helps keep unwanted users from accessing your data if either of those is compromised.
Monitoring which web browsers you’ve used to log in to your Dropbox account helps with awareness and can be an indicator if someone you don’t know has access to your account. At a minimum, it’s good internet security practice to minimize the number of web browsers you’re signed in on and to delete the ones that haven’t been accessed in several weeks or longer.
Like web browsers, if a device has access to your account that you don’t recognize, you can delete it. Both web browsers and devices are in the security section of your account settings.
Dropbox is no stranger to embarrassing and harmful data breaches and missteps. In 2011, an update Dropbox pushed to its software allowed anyone to access Dropbox accounts with only an email. Dropbox quickly pushed a patch to fix it, but not before an uproar and some damaged accounts.
Another Dropbox security breach in 2012 saw Dropbox as the victim of a data leak that exposed the emails and passwords of over 68 million users. It took four years before Dropbox admitted the leak impacted more than just users’ emails.
In 2017, a programming mistake led to deleted files reappearing in some users’ accounts, including data from over six years prior. Last year, hackers gained access to 130 of Dropbox’s code repositories.
Most of the Dropbox servers are in the U.S. Additionally, Dropbox’s corporate headquarters are located in the U.S. Dropbox does operate servers in the EU, U.K., Australia and Japan, but you don’t get a choice of where Dropbox stores your data. It’s not entirely clear how Dropbox decides where your data goes, but the location of your IP address is a factor.
Using a VPN when creating and accessing Dropbox can help put your data on servers outside of the U.S. This is especially relevant if you are concerned about U.S. privacy laws that favor the government (such as the Patriot Act and Freedom Act).
How Has Dropbox Shored Up Its Security Issues?
Partially in response to the backlash Dropbox received from data breaches and self-inflicted mistakes, it posted an in-depth security whitepaper and addressed its security stance and improvement efforts through a series of blog posts.
Dropbox maintains a dedicated webpage of security blog posts that provides transparency and information on the steps it takes to protect your account and data. However, as long as Dropbox has access to your account, the potential for another data leak or breach exists.
Best Practices to Protect Your Dropbox Files
Even with Dropbox’s overall strong security, you can take steps to keep your account secure. Practicing common sense internet safety habits is one of the best ways to protect your Dropbox files:
- Don’t use easy-to-guess passwords.
- Frequently change your password.
- Enable two-factor authentication.
- Keep your system and applications updated for the latest security settings.
If you use Dropbox Business, you will have access to private encryption, perhaps as early as this year. Until then, and for Dropbox Personal users, we can’t recommend storing sensitive or confidential data on your account. However, third-party encryption software is an option.
Third-party encryption software enables private encryption on your device before you transfer data to and from your Dropbox account. This is what Boxcryptor does (and why Dropbox purchased the company). Although you can no longer create a Boxcryptor account, there are plenty of options to choose from in our list of the best third-party encryption software.
Top 3 Dropbox Alternatives
Dropbox may be one of the original cloud storage services, but it isn’t the only option and, for some, there may be better choices. Here are three alternatives to Dropbox to consider.
- Excellent security
- Private encryption
- Slower sync speeds
Sync.com offers private encryption for all accounts, even its free ones. This is something that Dropbox can’t claim, which makes Sync.com an excellent choice as a secure and private cloud storage option. Sync.com has great file sharing and versioning, as our Sync.com review details.
Another feature of Sync.com is its vault, which functions as a bare-bones cloud backup of your account. It won’t replace a full cloud backup service, but is a nice addition to your account. In our Sync.com vs Dropbox article, we compare the services, which will help you make an informed decision between the two. Try Sync.com for yourself with its 5GB free plan.
- Zero-knowledge encryption
- Fast syncing
- EU & U.S. data centers
- Private encryption costs extra
- No document integration
pCloud positions itself as a solid Dropbox alternative (check out our pCloud vs Dropbox to see how we compare the two providers). pCloud uses the same security features as Dropbox for data at rest and in transit. All pCloud accounts can get access to an encrypted folder which is zero-knowledge. However, this feature costs extra, even with pCloud’s paid accounts.
pCloud is a Swiss-based company, and account holders who choose the EU data region enjoy some of the best privacy laws in the world. pCloud’s other data center resides in Dallas, Texas. However, no matter where you live, you can choose the U.S. or EU data center upon sign-up or request that pCloud transfer your data (for a one-time fee). Read the full pCloud review or sign up for its free plan that comes with 10GB.
- Zero-knowledge encryption
- Encrypted sharing links
- Plenty of free storage
- High prices for paid plans
- Not good for collaboration
MEGA offers two features that Dropbox can’t compete with: private encryption on all accounts and a free account that comes with 20GB of storage (ten times more than Dropbox’s 2GB free account). Perhaps the most important thing to remember with a MEGA account is not to lose your login information. If you do, MEGA can’t help you, as it cannot access your data.
As we highlight in our MEGA vs Dropbox article, privacy is MEGA’s main focus. As private and secure as a MEGA account is, it could be better for collaboration and productivity, even between MEGA users. Additionally, MEGA does not boast many third-party integrations, which is a common trade-off for strict privacy and security. Read the full MEGA review or try the MEGA free plan for yourself.
Final Thoughts: Dropbox Security Issues
Dropbox has suffered both embarrassing mistakes that exposed its users’ data and successful data breaches executed by cybercriminals. It’s no surprise that in 2014, Edward Snowden advocated the use of SpiderOak instead of Dropbox. To its credit, Dropbox shored up its security vulnerabilities, and for most users, it is a safe and secure cloud storage experience.
How confident are you in Dropbox’s security? Did you use Dropbox and leave it for another cloud storage provider? If you’re with Dropbox now, do its past security issues concern you? Let us know in the comments section below, and thank you for reading.