Account security is a tough issue for a lot of people. It's a constant balancing act between having a stronger system to keep out would-be invaders while also making it convenient enough that users won't reject it. After Google began offering its own 2-step verification system, several other services adopted the same mechanism and opt-in model for people that wanted more than a single password protecting their personal data. This generally left users with Google's Authenticator app, which got the job done, but it lacked features and languished on an early Holo dark design.
Users of newer versions of Windows or just about any Microsoft web service might be familiar with the company's rudimentary two-factor authentication system. If it's been a while since you've logged in or you're setting up a new Windows device, it might ask you for a verification code, accessible from a backup email account. Of course that can be a pain if you don't remember the password for that account, or simply don't want to dig it out.
Several weeks ago, Dropbox suffered a small security breach that gave wrong-doers access to a few unlucky users' email addresses. On the good side, it also brought the vulnerability to the Dropbox staff's attention. Since then, they've been working hard to beef up security, and today, they introduced two-step verification.
Much like Google's two-factor authentication, once enabled this requires you to login using two different sets of verification: your password and a unique identifier sent in either a text message or generated locally on the device using the authenticator app (which you have the option to get via QR during the set up process).