Dropbox has announced two-factor (or two-step as they call it) authentication support. With all the buzz about hacked accounts recently, I highly recommend everyone to turn on two-factor authentication.
Dropbox currently allows you to choose between using a mobile authenticator app or receive a text message with a authentication code. I went the route of using Google Authenticator, as I already use it for my Google account.
For recovery, the only option currently is a recovery passcode that is generated when you set up two-factor authentication. Hopefully, they will add support for multiple recovery options.
Update: Jeff from AgileBits (the makers of 1Password) wrote a compelling argument for why two-factor authentication isn’t a good idea if you are using Dropbox to sync your 1Password keychain.
Data availability is just as much a part of data security as data secrecy. It is the ability to get and use your own data when you need it. For a dramatic case of what it means when people lose access to their own data, consider what happened to Mat Honan. If he had not found a way to get back into his Dropbox account after all of his personal devices and computers were wiped clean, he would have lost all access to his 1Password data.