Dropbox Vault, an extra-secure part of the Dropbox cloud storage service designed for your most sensitive files, is about to be shut down.

First launched in 2020, Dropbox Vault was intended as a repository for files such as scans of your passport, health records, legal documents and other files you wouldn’t want falling into the wrong hands.

The Vault folder had an extra layer of protection, requiring users to enter a PIN code every time they tried to access the folder. That folder couldn’t be opened by third-party apps, and if you downloaded a file from your Vault onto your Mac or PC, the file would be deleted the moment you re-locked your Vault.

Dropbox has since decided to discontinue the Vault feature, meaning that extra security layer is about to be removed. From March 4, the Dropbox Vault will effectively be treated like any other folder in your Dropbox, with no need to enter a PIN to access or download the files contained within it.

Beefing Up Dropbox Security

If you intend to keep sensitive documents stored in the Dropbox Vault folder after March 4, it’s more important than ever that you implement the maximum possible security on your main Dropbox account.

Firstly, the account should be protected with a unique, strong password that is ideally stored in a password manager such as Bitwarden, so that you don’t have to remember it.

Next, it’s crucial that you turn on two-factor authentication, reducing the chances of your account being compromised if someone does manage to access your Dropbox password.

Dropbox currently supports several methods of two-factor authentication, including SMS, a mobile authentication app and physical security keys. SMS is much less secure than the other methods, because it’s relatively easy for fraudsters to trick cellular networks into handing over someone’s mobile phone number. My colleague Davey Winder recently reported that Google is phasing out SMS as a means of two-factor authentication because of fears over its security.

To switch on two-factor authentication in Dropbox:

  1. Log in at Dropbox.com
  2. Click on your profile icon and choose Settings
  3. Then click the Security tab
  4. Switch on two-step authentication and you’ll be asked to choose your preferred method during the setup procedure

Once you’ve switched on two-factor authentication it’s important to click the option to show your recovery codes. Print those codes and store them somewhere safe (ideally in a safe, but definitely in a separate location to your computer). You will need these recovery codes if, for some reason, you can no longer access your two-factor authentication device (because your phone has been stolen, for example).

If you haven’t got a strong password on your Dropbox account, you can also change that here in the security settings.

Dropbox Vault Security Flaws

The removal of the PIN protection isn’t the only security concern to affect Dropbox Vault during its relatively short history.

In 2020, I reported how a simple typo could inadvertently lead to sensitive files being sent to the wrong person because of the Vault’s option to share its contents with a trusted contact. At the time, users were only required to enter the email address of the trusted recipient once, meaning any typing error in the email address could lead to a stranger getting access to a stash of your most sensitive Dropbox documents.
