Skip to content

Help shape the future of Box

Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!

See user guide here.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

389 results found

  1. FIDO2 Phising Resistant MFA

    Box only supports MFA and TOTOP options for 2FA external users. There is a need for FIDO2 (phising-resistant) requirements as an option for external sharing.

    This process is not only secure but also user-friendly. There's no need for users to remember extra passwords or carry around additional hardware tokens. There is no need to install additional software; all the major browser support this out of the box. The device and browser do all the heavy lifting.

    Per the updated guidelines from the National Institute of Standards and Technology (NIST), the requirement is that internal users must use phishing-resistant MFA, while…

    21 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. I would like to be able to specify multiple two-factor authentication options.

    I would like to be able to specify multiple two-factor authentication instead of one.
    The reason is that I want to be able to use it as a sub as a backup.

    example: select both SMS and Authentication App.

    This is helpful if a user loses their backup code and is blocked from logging in.

    -in Japanese
    二要素認証のオプションを複数指定できるようにしてほしい。

    二要素認証オプションを1つではなく
    複数指定できるようにしてほしいです。
    理由はバックアップとしてサブで使えるようにしたいからです。

    例:SMSと認証アプリの両方を選択する。
    これは、ユーザーがバックアップコードを紛失し、ログインをブロックされた場合に役立ちます。

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Ability to have users enter their name and email address when downloading from a shared link without being logged in.

    In the case of a public shared link, there is no way to verify the user who manipulated the file if it was manipulated while the user was not logged in.
    However, we would like to verify by whom the shared file was downloaded.
    Since the file sharing partners are unspecified, we would like to share files via a shared link rather than through collaboration.
    Request the ability to track the operating user by having them enter their name and email address when downloading from a shared link in an un-logged-in state.

    (日本語)
    <共有リンクから未ログイン状態でダウンロードする際に名前やメールアドレスを入力できる機能>
    「リンクを知っている全員」に設定した共有リンクの場合、未ログイン状態で操作された場合はファイルを操作したユーザーを確認する手段がありません。
    しかし、共有したファイルが誰によってダウンロードされているか確認したいと考えています。
    ファイルの共有相手は不特定多数のため、コラボレーションではなく共有リンクでファイルを共有したいと考えています。
    共有リンクから未ログイン状態でダウンロードする際には名前やメールアドレスを入力させて、操作ユーザーを追える機能をリクエストします。

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Exclude certified eco-solutions from Device Trust Requirements' setting

    I think that when I enable the setting for "Web App & 3rd Party Apps" in the Device Trust Requirements, the certified EcoSolutions are also restricted.
    We would like to exclude certified eco-solutions from Device Trust Requirements like Box’s applications, so we request specification change to allow "3rdParty Apps" to be specified in a whitelist or blacklist format.

    デバイストラストの設定の際、(Web App & 3rdParty Apps)を有効化した場合、認定エコソリューションについても制限されるとの認識です。
    認定エコソリューションをBox社アプリと同様に制御対象外としたく、「3rdParty Apps」 をホワイトリスト or ブラックリスト形式で指定できるように仕様変更の検討をお願いします。

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Cryptomator

    Being able to connect Cryptomator with my Box account

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Add the ability to edit Watermarks or have some menu options... e.g. Confidential, Not for Distribution

    Add the ability to edit Watermarks or have some menu options beyond name and time ... e.g. Confidential, Not for Distribution. etc.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Use Issuer Label prefix in TOTP URI for MFA to conform to recommendations

    When setting up MFA using authenticator app, the QR code you generate does not provide Issuer Label Prefix in the label.

    This is not according to TOTP recommendations:
    https://github.com/google/google-authenticator/wiki/Key-Uri-Format#issuer

    Your format is:
    otpauth://totp/<EMAIL-ADRESS>?secret=<SECRET>&issuer=Squarespace&digits=6&period=30

    This leads Microsoft Authenticator to use the name <email-domain>, for example "gmail" or "outlook", for the account, as per https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label

    If another website implements the same bad QR code format as you, on iOS one of the two will be overwritten, and you will loose access to that site.

    Squarespace uses the same bad formatting, so chances of catastrophe is big. (I will also be reaching out…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Allow using 2FA for free accounts

    Hello,

    It is very regrettable that BOX doesn't provide the possibility to set up 2FA security connection for theirs free account users! To have this level of security connection to the BOX account doesn't mean to profit extra services, quality, support, etc., but simply protect the BOX account and safe private data.

    That's should be nowadays including in base services, that's not an extra!

    To compromise the security of free BOX account users by blocking to use a worldly recommended 2FA security system, is simply contemptuous and dangerous.

    Can BOX revise this issue?

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Additional control over Account Lockout

    When a user exceeds the failed login amount threshold, it would be very helpful for there to be an account lockout triggered along with the notification email that would not require an admin to manually set the account to inactive.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Incorrect unsuccessful SSO sign on message.

    My company uses Okta for SSO. I went to sign on at box.com. After entering my username, Google Authenticator token, and my password, I received an error message.
    "Single sign-on authentication was unsuccessful (reference #GMSOVUES). with a partner # and a Target resource (I have a screenshot).
    I typed "box.com" into the location bar to start the sign on process again. I entered my username. Boom, I was logged in. Thus, either the error message was incorrect, or Box has larger security problems.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Default Setting: Invisible Collaborator List for External Users

    Exposing the list of users collaborating on a folder to users from other companies could lead to a personal information leak. In the future, we would like to make the collaborator list invisible to users outside the company by default. We hope that this will be improved.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. SSO certificates auto-renewal

    Requesting Box allow SSO certificates to auto-renew based off the metadata allowing Box to refresh the cert from the idp without manual renewal of the cert.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. 2 Factor Authentication

    When a user is setting up 2 factor authentication, the message says it will replace your login settings. It needs to say explicity "Box settings", as it now leads you to believe it is replacing your authenticator app settings that is used for the employee's company login.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Group-based SSO configuration

    Current Status and Issues:
    SSO mode can only be set for all users.
    If SSO is mandatory, when IdP fails, all users cannot log in to Box.

    Desired Improvement:
    I would like to specify a Box group to enable/disable/require SSO. If only the administrator can set "SSO Enabled", he/she can log in even in case of IdP failure, and by changing the setting of general users from "SSO Required" to "SSO Enabled", the business can continue.
    Furthermore, if possible, we would like to set it up so that different groups can SSO in different IdPs.

    Reason for need:
    The IdP…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Require 12 characters for External Collaborator Passwords

    Currently, if 'Require Strong Passwords for External Collaborators' is selected, the external collaborator will be required to use at least 8 characters (along with additional criteria). The ask is to require 12 characters, rather than 8, for increased security.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Auto-Disable inactive users

    Managed Users:
    Enable the following feature:

    Box auto-disables managed user accounts that meet a set threshold of account inactivity. There should be a setting to specify a threshold for inactive users i.e. number of days since the last login.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. More possibilities regarding session timeout

    We find that the session timeout possibilities are somewhat limited. The jump from 2 days to 14 days is quite big - 2 days would log everyone out during each weekend, and would result in support tickets and 14 days are quite many. Something like 4 days inbetween would be great.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Custom User Role

    Currently under user role and access permission, we can only give a user "Member" or "Co-Admin" role.
    We would like the additional more granular role or provide us the ability to create custom role with checkboxes.
    Our goal is to have a new Role to allow a user to be able to maintain the Shields List for Email Address (Allow List for Email Addresses).

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. YubiKey - MFA option

    I'm wondering if Box would consider adding the YubiKey as an option for MFA - https://www.yubico.com/why-yubico/

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Password reset is so laborioius

    You need to vastly improve the password reset experience. It takes me several minutes to set up a new password and I have to do this on multiple computers. For one thing, DON'T expire passwords. It doesn't improve security at all. Second, if you have to expire them, send me a warning a few days ahead of time. Don't just shut down my Box drive app. Third, I should be able to log in with my old PW and just reset there, maybe with a 2nd factor authentication, like a text message. Finally, the PW rules are too narrow. If…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3 4 5 19 20
  • Don't see your idea?

Feedback and Knowledge Base