What to do if there is two-factor authentication. Multi-factor (two-factor) authentication

Apple ID two-factor authentication is new technology providing security for the account, ensuring that access to it will be provided only to its owner. Moreover, even if someone else knows the password characters for the account, he will still not be able to log in to the system instead of the legal owner of the ID.

The use of this technology provides access to your account exclusively from trusted devices - iPhone, tablet or MacBook. When logging in for the first time on a new gadget, you will need to specify two types of data - password characters and a verification code in a 6-digit format. Code symbols are automatically updated on these devices. After driving it in new gadget will be considered trusted. Let's say if in availability of iPhone, when logging into your account for the first time on a newly purchased MacBook, you will need to enter the password characters and a verification code, which will automatically pop up on the iPhone display.

Since password characters are not enough to access an account, other types of verification are also used, the security indicator of the ID number is significantly increased.

After logging in, the code will no longer be requested on this device until you log out and all information on the gadget is erased or the password characters need to be changed (also for security purposes). If you log in via the network, you can make the browser trusted and the next time you work with the same device you won’t need to enter the code.

Proven gadgets: what are they?

This cannot be any “Apple” device - only iPhones, iPads with Touch operating system version 9 or newer, as well as MacBooks with Capitan operating system or more recent ones. The systems of these gadgets must be logged in using 2-factor verification.

In short, this is a device about which Apple knows for sure who it belongs to, and through which you can verify your identity by showing a confirmation code when logging in from another gadget or browser.

Verified phone numbers

These are the ones that can be used to receive confirmation codes via text messages or calls. You must confirm at least one number to access 2-factor identification.

You can also confirm other numbers - home, or friend/relative. When there is temporarily no access to the main one, you can use them.

Setting rules

If the device has OS version 10.3 or older, the algorithm of actions will be as follows:

• Go to the settings section, to the password and security item.
• Click on the section to enable 2-factor identification.
• Click on the continue option.

If the gadget has OS 10.2 or earlier, the steps will be as follows:

• Go to iCloud settings.
• Select your ID number and go to the security password section.
• Click on the option to enable 2-factor authentication.
• Clicking on the continuation element.

How to disable two-factor authentication in Apple ID?

Many people are wondering if this technology can be turned off. Of course yes. But remember that after switching off, the account will be weakly protected - only with password symbols and questions.

To disable it, you will need to log in to the edits item on your account page (in the security tab). Then click on the shutdown section two-factor identification. After setting new security questions and agreement with the specified date of birth, the technology is deactivated.

If someone reactivates it for an ID without the knowledge of the rightful owner, it will be possible to disable it via e-mail. Next, as before, you need to click on the disable authentication section at the very bottom of the message that you received earlier by e-mail. The link will be active for another two weeks. Clicking on it will allow you to restore your previous ID security settings and control over your account.

The additional user verification function completely controls all attempts to log into your account and use of applications: find out how to use it correctly and how to turn it off on your Apple device two-factor authentication in Apple ID.

One of the main advantages Apple is approach to security and privacy policy user information.

Two-step authentication is one of the modern techniques for achieving the maximum level of security in logging into your account.

The company uses this technology to verify the owner of the gadget when trying to log into an account. Multi-level authentication is a 100% guarantee that only its owner will have access to the system.

Operating principle. Difference in operation of authentication and verification

Activated function multi-level authentication perfectly protects your account from hacking and unauthorized entry by other users.

Only the owner of the ID will be able to log in, because the system will require you to enter two types of data:

• Apple ID password;
• Digital code, which will be sent to all trusted devices - it is proof of legal authorization.

Example: You decide to log in from any browser or client program. For this action you need to enter your username and password. After authorization, you will not be able to log into your account - you must additionally enter a code that confirms authorized entry.

Required code displayed on all gadgets linked to Apple ID. Enter the numbers into the iCloud authentication window to access your profile.

A visual diagram of how the function works is shown in the figure:

After the first correct input code, you will no longer be prompted to enter numbers after next inclusions BY. Re-authentication only required in a few cases:

• When resetting;
• At re-entry V.

Also, the constant introduction of digital codes is mandatory for functions that have an increased degree of security - changing smartphone settings, deleting system parameters and others.

Verification and authentication. What is the difference?

It is important to distinguish between concepts two-step verification And two-factor authentication since they have similar action, but different meaning.

Examination was implemented and introduced into Apple gadgets back in 2015. The main purpose of the option is additional control. Verification is available starting from iOS firmware 9.

Authentication - This is an advanced version of the check. Apple has improved the function and introduced new security management systems into it. In particular, working with location. The principle of working with cards is to mark “safety” points.

Each person regularly visits the same places, so on the map you can definitely select several points from which you can easily log in.

If the entry is made outside these points, trusted devices a verification code and a warning about possible actions intruder.

As you can see, authentication is indeed a more automated and reliable method of identity control.

The task of verification is to send a code to a trusted gadget, and authentication also analyzes the location of the device and warns the owner about possible danger.

Feature Requirements

Multi-level authentication is designed for the following gadgets:

Disable authentication

Disabling authentication will allow you to no longer enter additional codes access. You won't have to confirm your location either. Follow the instructions:

• Using a desktop browser go to the cloud storage page iCloud.com;
• Log in to the system- Enter login and password;
• Further type the access code into the text field that appears, which is shown on other gadgets;

• Press the key "Allow" in the window that appears on the mobile device;
• Next, the browser will automatically redirect you to the user page. If you are not included in the trusted list, on your mobile gadget click on "I trust this browser" and click on "Continue";

• After successful login, click on the tile "Settings". It is located on the main page of the desktop version of iCloud. Another option for entering settings is to select a user name in the right top corner. Next, in the drop-down list, click on « iCloud Settings» ;

• In the window that appears, press the button "Control". It is located next to the account owner's name;

• Next, you will be redirected to the Apple website. In a new window you need to log in by entering your username and password from;

• Go to your account management window and click on the tab "Safety"-"Change";

• Find the field "Disable Authentication" and select it. Next, confirm the action by entering the password, which will be sent to the trusted device.

The two-step authentication system is designed in such a way that to protect users as much as possible from all possible attempts hacking That's why for complete shutdown options, the developers have provided for the need to answer a block of questions that you specified.

Only after entering the correct answers into the text fields will you be able to deactivate the option.

Confirm disconnection:

Trusted devices

Verified device– this is any of your Apple devices. The only requirement is that all gadgets must be linked to one ID. It is on the basis of this binding that a group of trusted devices is created.

You will not be able to confirm authentication from a device that is not part of your Apple gadgets group.

Only one owner of a tablet or computer can work with two-step authentication.

List of trusted devices – this is a list of all gadget models to which it will be sent digital code to confirm your login to your Apple ID or app.

You can view this list in the application itself in the Devices tab.

Trusted numbers

Trusted numbers– this is a list of operator numbers cellular communications, which will receive a digital access code for authentication. Messages can come not only in text form, but also in the form of a call from an Apple robot.

When setting up multi-level authentication for the first time, you must specify at least one real phone number.

To add a number, you need to enter it in the field and confirm. As confirmation, enter the code sent to the number in the window that appears.

A SIM card with an associated number must be installed in a trusted device. Otherwise, verification codes will not be received.

What data do you need to remember?

It's important to remember that two-factor authentication is a whole range of actions aimed at protecting your data.

For full operation of the function You will need to remember or write down the following information:

• Account login and password;
• Custom codes for programs– digital access identifiers that you have independently set in your account;
• Primary key is a set of letters and numbers that is automatically generated after enabling the option. You will need it if you lose access to all trusted numbers and devices.

Be sure to screenshot your master key and move it to a folder on your PC or other device. Also, the code can be written down on a flash drive or piece of paper.

Store this data in this way so that no one can find and use universal key.

We also recommend doing timely updates trusted numbers. If you change your SIM card, don't forget to enter the new number into your Apple ID. Otherwise, access to the identifier may be lost.

Monitor the physical security of your devices.

Do not leave your smartphone unattended near strangers and use the fingerprint scanner to restrict unlocking of the gadget.

It is important to protect yourself not only from virtual ID hacking, but also from unauthorized access of other people to your phone/tablet.

Enabling the feature

Activating the feature will only take a few minutes.

As a result, you will receive an additional security factor that will protect the data in the device memory, installed programs and in cloud storage.

On iPhone and iPad

Follow the instructions to enable authentication on your iPhone:

1 Open your phone settings window;

2 Go to the iCloud field;

3 Click on the item "Password»;

4 Select “Set up 2-factor authentication”;

5 Enter the code that will be sent to your trusted devices and complete the setup. Write the universal key onto physical media.

On Mac OS

On Mac OS, two-step user authentication is only available in El Capitan and newer firmware operating system:

1 Go to the window system settings ;

2 Click on the iCloud field and start the account data editing mode;

3 In a new window Click on "Safety". Next, the system will require you to enter the password for the identifier;

4 Click on the key "Set up authentication", which is located at the bottom of the window. Confirm the digital code that will appear on all devices linked to your Apple ID.

Alternative receipt of notifications

Receive access codes m Available not only on trusted devices, but also to the Find iPhone service.

You can set this parameter in Apple settings ID (Security-Send access codes).

As a result, the verification code will be sent not only to trusted devices, but also to .

Thus, in one window you will be able to monitor login attempts from suspicious locations and view the access code.

This option only works with authentication. It is not possible to work with cards for verification purposes.

Benefits of Multi-Level Authentication

Any Apple ID stores not only information about linked devices, but also credit card data and personal information of users.

Many people store scans of documents and other things in the cloud. important information, theft of which can lead to irreversible consequences.

If you want to always be sure that your information is safe, use two-factor authentication. Feature benefits:

• Single organization security of all gadgets from Apple;
• Advanced function control settings;
• Guaranteed protection against all levels and types of hacking.

Disadvantages in the function

Despite all the obvious advantages regarding the security of gadgets, multi-level authentication complicates the life of users - remembering keys, The possibility of losing a number or a trusted device creates a number of problems:

• Together with multi-level authentication It is impossible to use third-party software. For example, iMobie AnyTrans or the popular PhoneRescue utility;
• Difficulty logging into iCloud– due to a flaw in the option, users often encounter system errors even after correct access key water cloud storage;
• Working with a cellular network. If you are in an area with poor coverage, authentication may not work;
• Linking to codes. The verification can only be carried out if you have a second gadget at hand that is linked to the same Apple ID as the first device.

If in this moment If you don’t have a second gadget near you, you can use a permanent key, which is stored in your account settings, but in practice, users very rarely write down or remember it.

Two-factor authentication is based on the use of not only the traditional login-password combination, but also an additional level of protection - the so-called second factor, the possession of which must be confirmed in order to gain access to account or other data.

The simplest example of two-factor authentication that each of us constantly encounters is withdrawing cash from an ATM. To receive money, you need a card that only you have and a PIN code that only you know. Having obtained your card, the attacker will not be able to withdraw cash without knowing the PIN code, and in the same way will not be able to receive money if he knows it, but does not have the card.

The same principle of two-factor authentication is used to access your accounts on social networks, mail and other services. The first factor is the combination of login and password, and the second factor can be the following 5 things.

SMS codes

Ken Banks/flickr.com

Confirmation with via SMS-codes work very simply. As usual, you enter your username and password, after which an SMS with a code is sent to your phone number, which you need to enter to log into your account. This is all. The next time you log in, a different SMS code is sent, valid only for the current session.

Advantages

• Generate new codes every time you log in. If attackers intercept your username and password, they will not be able to do anything without the code.
• Link to a phone number. Login is not possible without your phone number.

Flaws

• When there is no signal cellular network you will not be able to log in.
• There is a theoretical possibility of number substitution through the service of the operator or employees of communication stores.
• If you log in and receive codes on the same device (for example, a smartphone), then the protection ceases to be two-factor.

Authenticator apps

authy.com

This option is in many ways similar to the previous one, with the only difference being that, instead of receiving codes via SMS, they are generated on the device using a special application (Google Authenticator, Authy). During setup, you receive a primary key (most often in the form of a QR code), on the basis of which one-time passwords with a validity period of 30 to 60 seconds are generated using cryptographic algorithms. Even if we assume that attackers can intercept 10, 100, or even 1,000 passwords, they can use them to predict what the next password, is simply impossible.

Advantages

• The authenticator does not require a cellular network signal; an Internet connection is sufficient during initial setup.
• Supports multiple accounts in one authenticator.

Flaws

• If attackers gain access to primary key on your device or by hacking the server, they will be able to generate future passwords.
• If you use an authenticator on the same device you are logging in from, you lose two-factor functionality.

Login verification using mobile applications

This type of authentication can be called a hodgepodge of all the previous ones. In this case, instead of asking for codes or one-time passwords, you must confirm the login from your mobile device with installed application service. Stored on the device private key, which is checked on every login. This works on Twitter, Snapchat and various online games. For example, when you log into your Twitter account in the web version, you enter your username and password, then a notification arrives on your smartphone asking you to log in, after confirming which your feed opens in the browser.

Advantages

• You don't need to enter anything when logging in.
• Independence from the cellular network.
• Supports multiple accounts in one application.

Flaws

• If attackers intercept your private key, they can impersonate you.
• The point of two-factor authentication is lost when using the same device to log in.

Hardware tokens

yubico.com

Physical (or hardware) tokens are the most in a reliable way two-factor authentication. Being separate devices, hardware tokens, unlike all the methods listed above, will under no circumstances lose their two-factor component. Most often they are presented in the form of USB key fobs with own processor, which generates cryptographic keys that are automatically entered when connected to a computer. The choice of key depends on the specific service. Google, for example, recommends using FIDO U2F tokens, prices for which start at $6 excluding shipping.

Advantages

• No SMS or apps.
• No mobile device required.
• It is a completely independent device.

Flaws

• Need to buy separately.
• Not supported in all services.
• When using multiple accounts, you will have to carry a whole bunch of tokens.

Backup keys

In fact, this is not a separate method, but a backup option in case of loss or theft of a smartphone, which receives one-time passwords or confirmation codes. When setting up two-factor authentication in each service, you are given several backup keys for use in emergency situations. With their help, you can log into your account, unlink configured devices and add new ones. These keys should be stored in a safe place, and not as a screenshot on a smartphone or text file on the computer.

As you can see, there are some nuances in using two-factor authentication, but they seem complicated only at first glance. What should be the ideal ratio of protection and convenience, everyone decides for themselves. But in any case, all the troubles are more than justified when it comes to the security of payment data or personal information, not intended for prying eyes.

You can read where you can and should enable two-factor authentication, as well as which services support it.

Attention. Applications developed in Yandex require a one-time password - even correctly created application passwords will not work.

1. Login using QR code
2. Transfer of Yandex.Key
3. Master password

Login to a Yandex service or application

You can enter a one-time password in any form of authorization on Yandex or in applications developed by Yandex.

Note.

You must enter the one-time password while it is displayed in the application. If there is too little time left before the update, just wait for the new password.

To get a one-time password, launch Yandex.Key and enter the PIN code that you specified when setting up two-factor authentication. The application will start generating passwords every 30 seconds.

Yandex.Key does not check the PIN code you entered and generates one-time passwords, even if you entered your PIN code incorrectly. In this case, the created passwords also turn out to be incorrect and you will not be able to log in with them. To enter the correct PIN, just exit the application and launch it again.

Features of one-time passwords:

Login using QR code

Some services (for example, home page Yandex, Passport and Mail) allow you to log into Yandex by simply pointing the camera at the QR code. At the same time, your mobile device must be connected to the Internet so that Yandex.Key can contact the authorization server.

Click on the QR code icon in your browser.

If there is no such icon in the login form, it means this service You can only log in using a password. In this case, you can log in using the QR code in your Passport and then proceed to the right service.

Enter your PIN code in Yandex.Key and click Login using QR code.

Point your device's camera at the QR code displayed in the browser.

Yandex.Key will recognize the QR code and send your login and one-time password to Yandex.Passport. If they pass the verification, you are automatically logged in to the browser. If the transmitted password is incorrect (for example, because you entered the PIN code incorrectly in Yandex.Key), the browser will show standard message about the wrong password.

Logging in with a Yandex account to a third-party application or website

Applications or sites that need access to your data on Yandex sometimes require you to enter a password to log into your account. In such cases, one-time passwords will not work - you need to create a separate application password for each such application.

Attention. Only one-time passwords work in Yandex applications and services. Even if you create an application password, for example, for Yandex.Disk, you will not be able to log in with it.

Transfer of Yandex.Key

You can transfer the generation of one-time passwords to another device, or configure Yandex.Key on several devices at the same time. To do this, open the Access Control page and click the button Replacing the device.

Several accounts in Yandex.Key

The same Yandex.Key can be used for several accounts with one-time passwords. To add another account to the application, when setting up one-time passwords in step 3, click the icon in the application. In addition, you can add password generation to Yandex.Key for other services that support such two-factor authentication. Instructions for the most popular services are given on the page about creating verification codes not for Yandex.

To remove an account link to Yandex.Key, press and hold the corresponding portrait in the application until a cross appears to the right of it. When you click on the cross, the account linking to Yandex.Key will be deleted.

Attention. If you delete an account for which one-time passwords are enabled, you will not be able to obtain a one-time password to log into Yandex. In this case, it will be necessary to restore access.

Fingerprint instead of PIN code

A fingerprint can be used instead of a PIN code on the following devices:

smartphones under Android control 6.0 and a fingerprint scanner;

iPhone starting from model 5s;

iPad starting with Air 2.

Note.

On iOS smartphones and tablets, the fingerprint can be bypassed by entering the device password. To protect against this, enable a master password or change the password to a more complex one: open the Settings app and select Touch ID & Passcode.

To use enable fingerprint verification:

Master password

To further protect your one-time passwords, create a master password: → Master Password.

With a master password you can:

make it so that instead of a fingerprint, you can only enter the Yandex.Key master password, and not the device lock code;

Backup copy of Yandex.Key data

You can create a backup copy of the Key data on the Yandex server so that you can restore it if you lose your phone or tablet with the application. The data of all accounts added to the Key at the time the copy was created is copied to the server. More than one backup copy cannot be created; each subsequent copy of data for a specific phone number replaces the previous one.

To retrieve data from a backup, you need to:

have access to the phone number that you specified when creating it;

remember the password you set to encrypt the backup.

Attention. The backup copy contains only the logins and secrets necessary to generate one-time passwords. You must remember the PIN code that you set when you enabled one-time passwords on Yandex.

It is not yet possible to delete a backup copy from the Yandex server. It will be deleted automatically if you do not use it within a year after creation.

Creating a Backup

Select an item Create a backup in the application settings.

Enter the phone number to which the backup will be linked (for example, "380123456789") and click Next.

Yandex will send a confirmation code to the entered phone number. Once you receive the code, enter it in the application.

Create a password that will encrypt the backup copy of your data. This password cannot be recovered, so make sure you don't forget or lose it.

Enter the password you created twice and click Finish. Yandex.Key will encrypt the backup copy, send it to the Yandex server and report it.

Restoring from a backup

Select an item Restore from backup in the application settings.

Enter the phone number you used when creating the backup (for example, "380123456789") and click Next.

If for specified number a backup copy of the Key data has been found, Yandex will send a confirmation code to this phone number. Once you receive the code, enter it in the application.

Make sure the date and time the backup was created, as well as the device name, matches the backup you want to use. Then click the Restore button.

Enter the password you set when creating the backup. If you don't remember it, unfortunately, it will be impossible to decrypt the backup.

Yandex.Key will decrypt the backup data and notify you that the data has been restored.

How one-time passwords depend on precise time

When generating one-time passwords, Yandex.Key takes into account current time and time zone set on the device. When an internet connection is available, the Key is also prompted exact time from the server: if the time on the device is set incorrectly, the application will make an adjustment for this. But in some situations, even after correction and with the correct PIN code, the one-time password will be incorrect.

If you are sure that you are entering your PIN code and password correctly, but you cannot log in:

Make sure your device is set to the correct time and time zone. After that, try logging in with a new one. one-time password.

Connect your device to the Internet so that Yandex.Key can get the exact time on its own. Then restart the application and try entering a new one-time password.

If the problem is not resolved, please contact support using the form below.

Leave feedback about two-factor authentication

You may not realize it, but you use two-factor authentication regularly. When you transfer money online from your debit card, you are asked to enter a password or confirmation code from SMS? This is also a form of two-factor authentication.

Two-factor authentication requires two ways to verify your identity and can also be used to protect various online identities. This isn't perfect security and requires an extra step when logging into your accounts, but it does make your data safer online.

How does two-factor authentication work on the Internet?

Two-factor authentication (2FA), also known as two-factor authentication or multi-factor authentication, is widely used to add another layer of security to your online accounts. The most common form of two-factor authentication when logging into an account is the process of entering a password and then receiving a code via SMS to your phone, which you then enter into a website or app. The second level of two-factor authentication means that a hacker or other nefarious person would have to steal your password along with your phone in order to gain access to your account.

There are three types of authentication:

• Something you know: password, PIN, zip code, or answer to a question (mother's maiden name, pet's name, etc.)
• Something you have: a phone, credit card and so on.
• Something biometric: fingerprint, retina, face or voice.

How does the second factor work?

After entering the password (the first factor of authentication), the second factor usually arrives via SMS. That is, you will receive a text with a numeric code that you will need to enter to log into your account. Unlike a debit card PIN, a 2FA code is only used once. Each time you log into this account, you will be sent a new code.

Alternatively - you can use special application authentication to receive codes instead of sending them in text mode. Popular authentication apps are Google Authenticator, Authy, and DuoMobile.

Which is better to use SMS or app?

Many sites and services, including Amazon, Dropbox, Google and Microsoft, give you the option to use SMS or an app for authentication. Twitter is the most prominent example of a site that forces you to use SMS. If you have a choice, use an authentication app.

Receiving codes via SMS is less secure than using an authentication app. A hacker could intercept a text message or hijack your phone number and convince your carrier to transfer it to another device. Or if you are syncing text messages with a computer, a hacker can gain access to SMS codes by stealing your computer.

An authentication app has the advantage of not having to rely on your operator. The codes are sent to your phone based on a secret encryption algorithm and the current time. Codes expire quickly, usually after 30 or 60 seconds.
Because the authentication application doesn't need a statement mobile communications to transfer codes, they will remain in the application, even if a hacker manages to transfer your number to new phone. The authentication app also works when you don't have cellular network - that's an added bonus.

Using the authentication app requires a small additional settings, but provides better protection than SMS. To set up an authentication app, you need to install the app on your phone and then set up a shared secret token (a long string of code) between the app and your accounts. This is usually done by scanning a QR code with your phone's camera. However, once set up, the authenticator app eliminates the need for you to enter a code; you simply tap the app notification to log into one of your accounts.

What if I don't have a phone?

Many online services, such as Dropbox, Facebook, Google and Instagram, allow you to create backup codes that you can print or take a screenshot of. This way, if you lose your phone or don't see a signal cell station, you can use backup code as a second authentication factor for login. Just make sure you keep a printout of the backup codes in a safe place.

Will 2FA make my accounts more secure?

No security product can claim to be perfect, reliable protection, but by combining two of the three above-mentioned authentication types, 2FA makes it difficult for anyone to access your account. Not only do you make it more difficult for attacks on your accounts, but you also make your accounts less attractive to hackers.

Think of it as protecting your home. if you have home system security, you reduce the likelihood of burglary. If you have a loud, large dog, you also reduce the likelihood of burglary. If you combine a security system with a large dog, then your home becomes even harder to break into and will be a less attractive target. Most robbers will simply find more easy option, without alarms and the possibility of a dog bite.

Likewise, two-factor authentication prevents most hackers from targeting your account. Many will simply move on and find easier accounts to hack. And if they're targeting you, they'll need more than just your password. In addition to your password, the hacker will also need your phone, or access the tokens installed on your phone through an authentication mechanism using a phishing attack. malware or activating account recovery, where your password is reset and 2FA is then disabled. This is additional and difficult work.

How much more of a hassle is using 2FA?

I don't know if I would call it a hassle or not, but 2FA does require an extra step when logging into your accounts. You will need to enter your password, wait for the code to arrive via SMS, and then enter the code. Or, if you're using an authentication app, you'll need to wait for a notification you can tap to confirm that you are you.

I use 2FA authentication on many of my online accounts and find it less hassle than using strong password or passphrase, which combines upper and lower case letters, numbers, and symbols. And while I'm talking about strong passwords, let me state that using 2FA as an excuse to use weaker, easier-to-type passwords is a bad idea. Don't weaken your first protection factor just because you added a second one.

How to enable 2FA?

Many sites and services offer 2FA, but call it by different names. Below are quick ways enabling two-factor authentication in some of the most popular online services.

Dropbox.
Click on your name at the top right of your Dropbox account and go to Settings > Security and you will see the status listed at the top of the page for two-step verification. Next to the "Disabled" status, click the link (click to enable), and then click the "Where to start" button. You can then set up to receive verification codes via SMS on your phone or in an app like Google Authenticator. additional information see Dropbox instructions.

Facebook.
Click the triangle button in the top right corner, select Settings > Security, and click Edit to the right of Login Confirmation. Then click "Enable" next to where it says, "Two-factor authentication is currently disabled." For getting additional information look