Dropbox account safety: how Dropbox keeps your files secure (original) (raw)
- Dropbox Help Center - How to use Dropbox
- Security
- How security works
...
person icon
The information in this article applies to all Dropbox customers.
At Dropbox, safety is our number one priority. To keep your files safe, Dropbox is designed with multiple layers of protection, distributed across a scalable, secure infrastructure. These layers of protection include:
- Dropbox files at rest are encrypted using 256-bit Advanced Encryption Standard (AES)
- Dropbox uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between Dropbox apps and our servers
- SSL/TSL creates a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption
- Dropbox applications and infrastructure are regularly tested for security vulnerabilities, and hardened to enhance security and protect against attacks
- Two-factor authentication is available for an extra layer of security at login
- If you use two-factor authentication, you can choose to receive security codes by text message or from an authenticator app
- Public files are only viewable by people who have a link to the file(s)
- Advanced key management and end-to-end encryption are available to provide an extra layer of security
Not using Dropbox yet? See how Dropbox cloud security keeps you safe.
Dropbox users can access their files and folders at any time through the desktop, web, and mobile clients, or through applications connected to Dropbox. All of these clients connect to secure servers to provide access to files, allow file sharing with others, and update linked devices when files are added, changed, or deleted. The Dropbox service operates various services that are responsible for handling and processing both metadata and raw block storage.
Here's a diagram of how the service works:
I'm a security researcher, and I found a vulnerability with Dropbox. How do I report a Dropbox security issue?
highlighter icon
Note: This section is for security researchers only. If you're a Dropbox user and you feel your account has been compromised or hacked, please contact Dropbox Support.
Our responsible disclosure policy promotes the discovery and reporting of security vulnerabilities. If you're a security researcher and you think you've found a vulnerability with Dropbox, do the following:
- Report any potential security bugs and vulnerabilities to us on the third-party service Bugcrowd.
highlighter icon
Note: Don't use the Bugcrowd service if you're a Dropbox user and you think your account may have been compromised or hacked. Instead, please contact the Dropbox Support team.
- Give us reasonable time to respond before making any information about the security issue public.
- Don't access or modify user data without permission of the account owner.
- Act in good faith not to degrade the performance of our services (including denial of service).
Dropbox won't sue you or ask law enforcement to investigate if you comply with these instructions. Dropbox spotlights researchers who contribute to the security of Dropbox by recognizing them on Bugcrowd.
Encryption and private keys with Dropbox
Dropbox doesn't offer client-side encryption. Dropbox also doesn't support the creation of your own private keys. However, Dropbox offers end-to-end encryption and users are free to add their own encryption. There are many third party applications that provide encryption at both the file and container level. Visit our community forums for more information.
The security of your data is our highest priority and all files stored on Dropbox servers are encrypted. Learn more about Dropbox security.
Was this article helpful?
Thanks for your feedback!
Related Articles
Find our how Dropbox team users in the APAC region can choose to store their data on the Amazon Web Services cloud in Australia or Japan.
Dropbox advanced encryption is an advanced key management system that can encrypt your data. Learn how to use Dropbox advanced encryption.
If you log into Dropbox from another computer, device or a new location, you will receive a Dropbox login notification to verify your login.
Learn which identity providers Dropbox supports and how to configure your own identity provider solution.