Two factor authentication?
Drop Box's Web site doesn't require two-factor authentication. It requires a user ID and password: one factor.
For a quick refresher, authentication factors can be described very simply as:
1) What you know, e.g. a user ID and password, passphrase, secret question, etc.
2) What you have, e.g. an RSA key, smart card, or other piece of unique hardware.
3) What you are, usually determined biometrically.
Using two factors is great, but people who claim it because they want a user ID *and* password, or because they demand two challenge-response sessions, e.g. a user ID and password followed by a secret question, haven't bothered to learn much about authentication.