How does the two-step verification of WhatApps work

Protect important services with two-factor authentication

Benjamin Schischka

Whether on Google, Facebook or in Dropbox - many online accounts are full of sensitive data. With two-factor authentication, you lock out hackers. Even if they cracked your password.

EnlargeIf the hacker thinks he has cracked access to your account with your password, he will quickly be proved wrong thanks to two-factor authentication.

Secret readers rummage through your Gmail account, strangers post offensive Facebook posts on your behalf, and someone has deleted your vacation photos from your Dropbox - with some Internet services, a successful hacker attack can be very painful. Potentially millions of users were once again able to painfully experience this with the latest leak.

There is little more than your password between the hackers and these internet services. At some point even the best password is cracked - with bad luck (since the chance of cracking it also plays a role) sooner rather than later. Sometimes thieves don't even have to crack your password. It is sufficient if the service provider's password database falls into their hands and it is not adequately secured. Or your password is secretly read along with the keylogger when you enter it - a risk that is difficult to isolate, especially on third-party computers.

For these reasons, it is highly recommended that you set up a second barrier after the password for important online services: two-factor authentication. Annoying: The popular webmail provider in Germany and GMX do not offer two-factor authentication.

Better protect these accounts:

What is two-factor authentication?

The following happens with 2-factor authentication: You enter your name and password as usual to log in. The online service then asks you for a PIN, usually a six-digit number. You will receive this as an SMS on the mobile phone registered for this purpose or generate it yourself via the free app on your smartphone or tablet PC. Some providers also allow you to print out PIN lists - similar to the old TAN lists of your bank. But don't worry: you don't have to enter such a security code every time. On secure computers - such as your PC or laptop at home - you can choose to only be asked for the code the very first time. The very effective protection of two-factor authentication is that your password is useless in the hands of a hacker. The attacker also needs your smartphone or the printed list to get the security code.

Free apps for two-factor authentication

However, some disadvantages of two-factor authentication should not be concealed. When registering on a new device, you must always have your smartphone or the printed list with the codes to hand. For example, in order not to appear stupid in the dead zone because you cannot receive an SMS with the security code or to no longer have access to your accounts after the theft of your smartphone without the code creation app, we always recommend at least one alternative when setting up to specify. If the mobile phone with the app is lost or stolen, you can simply request a code SMS to be sent to your second mobile phone or your partner’s mobile phone. If that doesn't work either, pull out the slip of paper with the printed emergency PIN.

In addition, some applications cannot handle the six-digit security codes - such as Thunderbird or older Android phones. For such cases, each of the following providers has special passwords that you only need to enter once in the respective application. If the effort becomes too much for you after a while, the 2-factor authentication can also be deactivated again. If in doubt, you can try out the added security and switch it off again later. However, we advise you to keep it at least for sensitive accounts. An overview of services that support 2-factor authentication can be found at

How to secure the Dropbox with two-factor authentication

Log in to your account at and navigate to “Settings” using your username and then to the “Security” tab. Alternatively, use this link to get directly to the destination: Activate the “two-step verification” there and click on “First Steps” in the new window. You will now be asked to enter your password again. There are two options to choose from:

  • By texting
    You will receive the necessary security codes in addition to the password as an SMS on your mobile phone. Attention: There may be additional costs per SMS.

  • Via a mobile app
    The security codes are generated via a smartphone app. Dropbox supports the Google Authenticator for Android and iOS, Amazon AWS MFA for Android, and the Authenticator for Windows Phone.

EnlargeThis is what the Dropbox login looks like with activated two-factor authentication.

If you choose the app, the Dropbox website will display a QR code. The easiest way to scan this is with the authenticator app (photo symbol in the app; or manually add a time-based token). You can then optionally enter a cell phone number to which Dropbox will send the security code via SMS if the primary smartphone is lost. The last step, however, is not optional: Make sure to note down the 16-digit code, which is only valid once and is the last chance to access your account if you lose your smartphone or have app problems. Keep the code in a safe place - preferably on a piece of paper separate from the smartphone with the authenticator app or SMS receipt.

Finally, click on “Enable two-step verification”. From now on, every time you log in to the Dropbox website or link a new device to your Dropbox, you have to enter the security code from the authenticator in addition to the password.

In the security settings, you can see the code, which is valid once, at any time after entering your password and you can also switch from the app version to the SMS and vice versa.

Unlock 20 GB of free Dropbox storage - that's how it works

Here's how to log in to Dropbox with two-factor authentication

As soon as you have entered your username and password, the Dropbox asks you for the security code of the two-factor authentication. If the PC is secure - i.e. you trust all of its users - you can activate the checkbox. If you have lost your smartphone or have problems with the authenticator app, click on "I cannot use my authentication app" and enter your unique 16-digit code.