We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
nodesk
9 months agoHelpful | Level 5
Is there an ultimate recourse for 2FA deactivation ? (entirely locked out of my account)
Hi there, The situation is simple: I used to have dropbox and stopped using it years ago. Now i'd like to come back. I have lost access to my account and have no recovery option available at all....
- 9 months ago
Bumping the thread for future readers in search of a definitive/authoritative answer on that question.
Dropbox support finally gave me an unambiguous answer, and it's a no.
They do not have a process for unlocking accounts if you lose all your means of access as described in my original post. So, if you do, you're done.
Excerpt from the exchange I had with them (translated from the original language):
"""
For security reasons, we can't disable 2FA for you because your email address isn't proof enough of your identity. If you can't use your 2FA code and don't know you recovery codes, we can't help you in accessing your dropbox account
"""
Note that there is still some wiggle room where they say "your email address isn't proof enough", when I told them I could provide much, much more proof of identity and ownership of the account, BUT it seems to me that their internal processes stop there when it comes to account recovery for reasons other than death of a user (see prior messages in this thread for details on that).
Rich
9 months agoSuper User II
nodesk wrote:
Is there a team inside the Dropbox company that can, on a case-by-case basis, turn off 2FA for a lost account ?
You can try contacting Support, but without access to the emergency backup codes it's very unlikely that you'll be able to gain access to the account again. Ultimately, you enabled a system to prevent access to the account without an authorization code, and now you're trying to sign in without that code. It would be a pretty big security issue if Dropbox bypassed that.
To contact Support, visit the Support page while you're NOT signed in to a Dropbox account, including these forums, and you'll see an option for sign in issues. It's best to use an Incognito or Private browsing session to make sure you're not signed in.
- nodesk9 months agoHelpful | Level 5
Yes, you are correct on all points.
One thing that should be 100% impossible is for a company that says the user's data is encrypted with unknown-to-them keys, to be able to decrypt the data. Obviously, that would indicate they're not being truthful.
In this particular case though it's not about the data but rather about reseting the 2FA codes or disabling them entirely, which the company surely has the ability to do, although it may be entirely out of their procedure, which I would find perfectly understandable. As you said, that can open potential avenues for foul-play and not every company may want to have such a procedure exist at all, eventhough it would be technically possible.
One last thing to consider is: deceased person account recovery.
I unfortunately have had to go through that procedure myself not so long ago. Dropbox, like many companies (I don't know if it's a legal obligation or not), have procedures for people to recover access to deceased people's account, provided you can show legal proof that the person is indeed deceased and that you are a spouse, a heir or a person with legal authorisation to access the defunct's account.
In my family's case, we followed the procedure, and Dropbox did indeed provide us access to my relative's account eventhough it was a 2FA protected account that we didn't have access to.
So this is just another anecdotal but relevant information to drive the point that technically, they can do it.
But of course, in this case, I'm still alive and kicking 🙂
Anyways your point still stands. Thank your for your suggestions, I have a ticket open already.
Cheers 🙂
-----
For reference:
https://help.dropbox.com/en-en/account-settings/access-account-of-someone-who-passed-away
- nodesk9 months agoHelpful | Level 5
Bumping the thread for future readers in search of a definitive/authoritative answer on that question.
Dropbox support finally gave me an unambiguous answer, and it's a no.
They do not have a process for unlocking accounts if you lose all your means of access as described in my original post. So, if you do, you're done.
Excerpt from the exchange I had with them (translated from the original language):
"""
For security reasons, we can't disable 2FA for you because your email address isn't proof enough of your identity. If you can't use your 2FA code and don't know you recovery codes, we can't help you in accessing your dropbox account
"""
Note that there is still some wiggle room where they say "your email address isn't proof enough", when I told them I could provide much, much more proof of identity and ownership of the account, BUT it seems to me that their internal processes stop there when it comes to account recovery for reasons other than death of a user (see prior messages in this thread for details on that).
- JennSymons2 months agoNew member | Level 2
I have a similar situation. My dropbox account got hacked this morning. The hacker changed my password and also SET UP 2 factor authentication to go to THEIR authenticator app/phone. I did not previously have 2 factor set up. So now, anytime I try to reset my password, I get the first email with a 6 digit code from dropbox, but then can't get past the second layer saying to check my authenticator app for a code, since I wasn't the one who set that up....any experience with this?
In additon, the hacker has spammed hundreds of contacts with a dropbox link sending as me from dropbox AND changed my billing settings by setting up a "Pay App" dropbox account.
Super frustrating that support doesn't reply as a human. it simply sends bot links suggesting to login for more resources....wish i could! Please help, as this is my work account with thousands (10 years) or corporate photos.
About Security and Permissions
Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.
Need more support
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!