Dropbox has begun to add a two-step verification for all its accounts, the file-hosting service announced on its forums. The process, which is optional but recommended by Dropbox, “adds an extra layer of protection” to accounts by requiring users to submit a six-digit security code in addition to their passwords whenever they sign in, or link a new computer, phone or tablet, the company says. The security code is sent to users’ phones via text message, or generated using a mobile authenticator app.

Dropbox first unveiled the new feature to its forum users, asking them to report their experiences.

The announcement comes just after Dropbox found that usernames and passwords stolen from other websites were used to sign in to a number of Dropbox accounts. In a blog entry posted late July, the cloud-based service said it would take steps to improve users’ security by unrolling “two-factor authentication,” which requires two proofs of identity when signing in.