How safe are my files on Dropbox?

How to protect your personal data in Dropbox

Peter Stelzel-Morawietz

Dropbox was already popular when the online storage systems Google Drive and Microsoft Skydrive were still largely unknown. PC-WELT reveals how you can secure your Dropbox data in the cloud.

EnlargeNot least because of its reliability and the many additional functions via apps, the online storage Dropbox is extremely popular - but it is not inherently secure.

Online storage is incredibly useful because you have your data to hand practically anywhere, anytime. This applies in particular to the US service Dropbox, which is also widely used in Germany due to its early start, reliability and numerous extensions. Among other things, the cloud provider enables data to be synchronized online on multiple PCs and mobile devices.

However, such services have been criticized for their security, and not only since the NSA affair became known in the summer of 2013. Because attacks on data on the Internet are not just from the government. In company networks, infected data that spreads across the firewall in the network pose a security problem. There are already regular attack tools such as DropSmack.

The Stiftung Warentest has therefore even warned against cloud storage with regard to data security and data protection. PC-WELT explains that you configure your Dropbox as securely as possible and protect your data from unauthorized access.

More security through double authentication

By default, as with most web services, Dropbox only requires a simple login with a password. But it is insecure because most people do not use really secure access codes. Worse still, it is still widespread to use one and the same password for various online accounts. If hackers break into a company and steal access data there - as happened a million times at the software company Adobe in the fall - other accounts are often cracked as well.

20 GB Dropbox storage for free - that's how it works

In addition to an individual password, you can secure your Dropbox access with two-factor authentication. Then not only is the password sufficient, you need an additional code.

EnlargeDropbox offers an optional two-factor login. Then the password is no longer sufficient to log in, a newly generated smartphone code is also required.

Here's how it works: Log in to the Dropbox website with your account details, click on your name and "Settings" in the top right corner. Now switch to the “Security” tab. The “Two-stage check” function appears here, which is deactivated at the factory. You can switch it on using the "Activate" button: When setting up, you have the two options of either sending the security code to your mobile phone via SMS or having it generated via an app on your mobile device - for example using the Google Authenticator, which is for Android , iOS and BlackBerry is available. With the SMS option, you can even enter a second cell phone number in case you lose your cell phone. In the final setup step, the system displays a 16-digit security code that can only be used once so that personal data can be accessed in an emergency even without two-factor authentication. Please print it out and keep it in a safe place.
After clicking on "Activate two-step verification -> Done", you will not only have to enter your password every time you log in to Dropbox, but also the newly sent or generated six-digit additional code.

EnlargeBoxcryptor automatically encrypts all data on cloud storage such as Dropbox, Google Drive or Microsoft Skydrive. Access to your data is almost impossible.

Encrypt data in cloud storage

The data in your Dropbox is protected by online access, but stored in the cloud is unencrypted. So if anyone gets access to your Dropbox account, they can also see your data. The additional program Boxcryptor promises more security, which encrypts all data in the online storage according to the Advanced Encryption Standard (AES) with a key length of 256 bits.

In addition to the Windows version, Boxcryptor is available in free versions for Mac OS X, Linux and Chrome OS as well as for the mobile operating systems Android, iOS and Windows RT. So you can access your encrypted Dropbox even on the go.

When setting up Boxcryptor, take over the default settings and finally reboot the PC. After the restart, log in with your Boxcryptor account or, if necessary, create one using the "Register" link. Boxcryptor then creates a drive in which all encrypted data is stored. If you had already installed Dropbox before Boxcryptor, your account is already encrypted. Otherwise, link your Dropbox account with Boxcryptor: To do this, click on the Boxcryptor drive and on "Boxcryptor -> Settings -> Storage locations" and activate the Dropbox entry.

You don't have to worry about anything further on, as Dropbox takes care of the synchronization and Boxcryptor takes care of the encryption.

EnlargeIn the Dropbox client on the Windows PC, you can set which folder should be mirrored in the cloud. Highly sensitive data does not belong in there.

Store data sparingly in the cloud

With all the advantages, not everything really belongs in the cloud. After all, you probably don't need the contract for your private liability insurance on your mobile phone when you are out and about. You specify the main storage folder for each individual computer when you install the Dropbox tool. If you want to change it later, go to the settings of the Dropbox program and switch to the "Advanced" tab. There you can change the directory using the "Move" button. In addition, the “Selective synchronization” function can be used to set which folders in the cloud storage should be synchronized with the respective PC and which should not.

So do not put any highly sensitive data in the Dropbox, in case of doubt it is better to transport it - also encrypted, of course - on a USB stick. An alternative is your "own cloud", implemented via a network hard drive or simply a USB storage device connected to the Fritzbox at home.