Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
394 results found
-
FIDO2 Phising Resistant MFA
Box only supports MFA and TOTOP options for 2FA external users. There is a need for FIDO2 (phising-resistant) requirements as an option for external sharing.
This process is not only secure but also user-friendly. There's no need for users to remember extra passwords or carry around additional hardware tokens. There is no need to install additional software; all the major browser support this out of the box. The device and browser do all the heavy lifting.
Per the updated guidelines from the National Institute of Standards and Technology (NIST), the requirement is that internal users must use phishing-resistant MFA, while…
24 votes -
Box password setting function compatible with “NIST password requirements”
Box password setting function compatible with “NIST password requirements”
Many companies create rules for internal tools based on NIST password requirements.
I would like Box to introduce a password setting function that complies with NIST password requirements.・If it detects that a password may have been leaked, it will force you to change your password.
・If the password is included in the list of leaked values, the system will prompt you to create a different password.NISTパスワード要件に対応したBoxのパスワード設定機能
多くの企業がNISTパスワード要件をもとに社内利用ツールのルールを作成しています。
BoxもNISTのパスワード要件に対応したパスワード設定機能を導入して欲しいです。・パスワードが漏洩した可能性を検知した場合、パスワードの変更を強制する
・パスワードが漏洩した値のリストに含まれている場合異なる文字列でのパスワード作成を要求する4 votes -
Exclude certified eco-solutions from Device Trust Requirements' setting
I think that when I enable the setting for "Web App & 3rd Party Apps" in the Device Trust Requirements, the certified EcoSolutions are also restricted.
We would like to exclude certified eco-solutions from Device Trust Requirements like Box’s applications, so we request specification change to allow "3rdParty Apps" to be specified in a whitelist or blacklist format.デバイストラストの設定の際、(Web App & 3rdParty Apps)を有効化した場合、認定エコソリューションについても制限されるとの認識です。
認定エコソリューションをBox社アプリと同様に制御対象外としたく、「3rdParty Apps」 をホワイトリスト or ブラックリスト形式で指定できるように仕様変更の検討をお願いします。4 votes -
Prevent each user from accepting invitations without their consent.
【Current status】
Currently, users can enable “Require acceptance when receiving invitations” in their account settings, but the problem is that administrators cannot enforce this.【Background】
Box allows users to easily send invitations to collaborate as long as they have an email address.
This means that you can be invited to a folder without your knowledge, and a mysterious folder can suddenly appear in your top folder.
This creates the possibility of accidentally uploading a file or downloading an unwanted file.The invitations we receive from outside parties can be restricted by a collaboration whitelist in Box Governance, but we do…
1 vote -
I would like to be able to specify multiple two-factor authentication options.
I would like to be able to specify multiple two-factor authentication instead of one.
The reason is that I want to be able to use it as a sub as a backup.example: select both SMS and Authentication App.
This is helpful if a user loses their backup code and is blocked from logging in.
-in Japanese
二要素認証のオプションを複数指定できるようにしてほしい。二要素認証オプションを1つではなく
複数指定できるようにしてほしいです。
理由はバックアップとしてサブで使えるようにしたいからです。例:SMSと認証アプリの両方を選択する。
これは、ユーザーがバックアップコードを紛失し、ログインをブロックされた場合に役立ちます。3 votes -
2-step verification shoud be avaiable for free plan also
2-step verification should be also available for free plan not only for paid.
The option is avaiable for free in Gmail and its a good ideea to have it also here.1 vote -
Make sure there are multiple ways to login to Box incase 2FA is disabled or not working. Perhaps ask a security question in lieu of the 2FA.
Make sure there are multiple ways to login to Box incase 2FA is disabled or not working. Perhaps ask a security question in lieu of the 2FA. So if someone changes the phone or email or the app, they can login with their username and password, and then if the 2FA fails, answer some security questions to get logged in. I just changed my phone and the authenticator app was not working,so I had to email the Box team and it took 2 weeks to get back into my account. So let's come up with a system for this. Thanks.
1 vote -
BOX administrator login settings
BOX login settings are set to exclusive between SSO authentication and MFA.
I want MFA to be enabled even if SSO authentication is selected, rather than being exclusive to BOX administrators, which is more secure.1 vote -
Add the ability to edit Watermarks or have some menu options... e.g. Confidential, Not for Distribution
Add the ability to edit Watermarks or have some menu options beyond name and time ... e.g. Confidential, Not for Distribution. etc.
2 votes -
Ability to have users enter their name and email address when downloading from a shared link without being logged in.
In the case of a public shared link, there is no way to verify the user who manipulated the file if it was manipulated while the user was not logged in.
However, we would like to verify by whom the shared file was downloaded.
Since the file sharing partners are unspecified, we would like to share files via a shared link rather than through collaboration.
Request the ability to track the operating user by having them enter their name and email address when downloading from a shared link in an un-logged-in state.(日本語)
<共有リンクから未ログイン状態でダウンロードする際に名前やメールアドレスを入力できる機能>
「リンクを知っている全員」に設定した共有リンクの場合、未ログイン状態で操作された場合はファイルを操作したユーザーを確認する手段がありません。
しかし、共有したファイルが誰によってダウンロードされているか確認したいと考えています。
ファイルの共有相手は不特定多数のため、コラボレーションではなく共有リンクでファイルを共有したいと考えています。
共有リンクから未ログイン状態でダウンロードする際には名前やメールアドレスを入力させて、操作ユーザーを追える機能をリクエストします。5 votes -
Allow using 2FA for free accounts
Hello,
It is very regrettable that BOX doesn't provide the possibility to set up 2FA security connection for theirs free account users! To have this level of security connection to the BOX account doesn't mean to profit extra services, quality, support, etc., but simply protect the BOX account and safe private data.
That's should be nowadays including in base services, that's not an extra!
To compromise the security of free BOX account users by blocking to use a worldly recommended 2FA security system, is simply contemptuous and dangerous.
Can BOX revise this issue?
1 vote -
Cryptomator
Being able to connect Cryptomator with my Box account
1 vote -
Use Issuer Label prefix in TOTP URI for MFA to conform to recommendations
When setting up MFA using authenticator app, the QR code you generate does not provide Issuer Label Prefix in the label.
This is not according to TOTP recommendations:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format#issuerYour format is:
otpauth://totp/<EMAIL-ADRESS>?secret=<SECRET>&issuer=Squarespace&digits=6&period=30This leads Microsoft Authenticator to use the name <email-domain>, for example "gmail" or "outlook", for the account, as per https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label
If another website implements the same bad QR code format as you, on iOS one of the two will be overwritten, and you will loose access to that site.
Squarespace uses the same bad formatting, so chances of catastrophe is big. (I will also be reaching out…
1 vote -
Additional control over Account Lockout
When a user exceeds the failed login amount threshold, it would be very helpful for there to be an account lockout triggered along with the notification email that would not require an admin to manually set the account to inactive.
1 vote -
Auto-Disable inactive users
Managed Users:
Enable the following feature:Box auto-disables managed user accounts that meet a set threshold of account inactivity. There should be a setting to specify a threshold for inactive users i.e. number of days since the last login.
2 votes -
Incorrect unsuccessful SSO sign on message.
My company uses Okta for SSO. I went to sign on at box.com. After entering my username, Google Authenticator token, and my password, I received an error message.
"Single sign-on authentication was unsuccessful (reference #GMSOVUES). with a partner # and a Target resource (I have a screenshot).
I typed "box.com" into the location bar to start the sign on process again. I entered my username. Boom, I was logged in. Thus, either the error message was incorrect, or Box has larger security problems.1 vote -
Default Setting: Invisible Collaborator List for External Users
Exposing the list of users collaborating on a folder to users from other companies could lead to a personal information leak. In the future, we would like to make the collaborator list invisible to users outside the company by default. We hope that this will be improved.
1 vote -
SSO certificates auto-renewal
Requesting Box allow SSO certificates to auto-renew based off the metadata allowing Box to refresh the cert from the idp without manual renewal of the cert.
1 vote -
2 Factor Authentication
When a user is setting up 2 factor authentication, the message says it will replace your login settings. It needs to say explicity "Box settings", as it now leads you to believe it is replacing your authenticator app settings that is used for the employee's company login.
1 vote -
Group-based SSO configuration
Current Status and Issues:
SSO mode can only be set for all users.
If SSO is mandatory, when IdP fails, all users cannot log in to Box.Desired Improvement:
I would like to specify a Box group to enable/disable/require SSO. If only the administrator can set "SSO Enabled", he/she can log in even in case of IdP failure, and by changing the setting of general users from "SSO Required" to "SSO Enabled", the business can continue.
Furthermore, if possible, we would like to set it up so that different groups can SSO in different IdPs.Reason for need:
The IdP…2 votes
- Don't see your idea?