Help shape the future of Box

Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!

See user guide here.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Upgrade from reCAPTCHA v2 to reCAPTCHA v3

    The pictures shown in reCAPTCHA v2 like traffic lights and crosswalks are vague, leading many users to fail to log in.
    As a result they would like Box to use reCAPTCHA v3 instead.

    2 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. bulk manage Shared Links

    Provide a way for all shared links in an account to have their permission levels / access levels / expiry dates modified in bulk, rather than having to change each one individually which is extremely time consuming for large doc sets.

    113 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under consideration  ·  15 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Proper 2-factor authentication with TOTP not SMS

    Using SMS for 2-factor authentication is oudated and insecure. Using TOTP is an industry standard and should be implemented.

    5 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    on roadmap  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Send a "here's how your items are shared" report to each user periodically

    One of the most common sources of security breaches is due to a user inadvertently sharing an item more broadly or for longer than they intended.

    A simple way to help limit those sorts of security breaches would be for Box to email every user a report periodically (configurable by the admin, but roughly monthly) that said "Here's how everything you own is shared with other people, and here's a link to the KB article that'll tell you how to fix it if it's not what you want", then showed a report of their folders, files, and shared links, with…

    70 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under consideration  ·  3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Create exceptions for auto-expiration of sharing and external collaborators

    We have auto-expiration on file sharing but often need to share files with external collaborators for an indefinite amount of time. We can't keep re-sharing the file. Same for external collaborators - we have auto-expiration but we can't keep re-sharing folders with them.

    6 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Get details on shared link without owner

    Airbnb and other companies when going through a large
    deprovision of accounts run into issues where someone shares a link of the file after the owner is
    no longer there and the collaboration is removed. But with just the file link, there is no way for the admin to get anymore details on the file.

    The feature request is the ability to get more details on a file through the link.

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Box lock security

    We just discovered that a user with viewer-uploader permissions can unlock files which our team believes is an unacceptable security flaw. The viewer-uploader level of security is required for a user to create a folder within a folder that we have granted them access to, but other than that level of editing our external invited partners should not have the ability to manage a security feature such as unlocking a file or folder.

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Authy 2 Factor Authentication.

    Include Vietnam in 2-FA or remove it from the list of countries in the menu when trying to add 2FA.

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. True Client IP vs Accelerator IP in Audit Logs

    To improve download speeds, Box automatically leverages "accelerator" hosts on various cloud/hosting providers around the world. When this happens, the "client IP address" recorded in the audit logs is the accelerator IP address, and not the true endpoint IP address. This results in false positives in "impossible travel" analytics, and could result in false negatives. We request that the audit logs be enhanced to capture the true client IP and accelerator IP (where applicable) as separate fields in the logs.

    2 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. External 2FA - use email instead of SMS

    2FA for external users - have the option to have the second factor email instead of text. Or give the option for either text or email.

    23 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under consideration  ·  7 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. "File Request Link" report similar to the "Shared Link" report

    Would like Org level report on what folders have "File Request Links" very similar to the "Shared Link" report. We need to report on what folders are shared publicly.

    29 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    gathering feedback  ·  1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow SSO users to remove their external password again

    Since I as a user can set up an external password for my SSO account, I'd like to also be able to remove that external password when I no longer need it. This a) removes an unnecessary login method and therefore improves security and b) alleviates the need for me to regularly change a password I no longer have any use for.

    Currently this requires going through Box support (and potentially an enterprise's own internal support hierarchy before that, as in my case), whereas it could also be a simple link/button next to the "Change Password" link in my account…

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Hardware security option for Login

    So far there is no option of hardware security, like Yubico/ Yubikey or similar security keys that require physical identification (I have just checked with your service). SMS code/confirmation is a poor alternative. Please consider option to use USB computer security keys (Dropbox has it, so stay in line with competion, as you are much better!) https://www.yubico.com/works-with-yubikey/join/

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Cylance

    Please add Cylance to the list of Antivirus vendors as part of the Box Device Trust settings!

    2 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Can we get a report that shows WHY a device failed Device Trust?

    Can we get a report that shows WHY a device failed Device Trust?

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. In China we have to use boxcn.net as box.com is blocked, and after few weeks not logining boxcn.net, it needs to have google validation box

    One of our vendor can’t login box with his own company email account. And then can’t share file with him to update.

    I found he can’t see the “i’m not a robot” after login sonos.app.boxcn.net to fill in password as he doesn’t have VPN enabled

    after i use his account to login and validated this, he can then login normally.

    Looks if you don’t use box for few weeks, it will ask you to validate via this google authentication way which he can’t see it without VPN.

    How to fix this for china users if they can't use VPN?

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. SSO Required - API authorize endpoint behavior not consistent with Core Box

    USAF is developing a custom iOS app on Box requiring USAF internal users to authenticate into the app via SSO. With "SSO Required" turned ON, the app redirects users to the Box login page and not the SSO login page on invoking the Box authorize API endpoint. This seems not to be consistent with the Core Box "SSO Required" flow
    More details including user flow illustration in the ticket.
    JIRA ticket - https://jira.inside-box.net/browse/BOX-205930

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enable passphrases instead of only complex passwords

    We enabled the Box strong password policy for 3rd parties; however, it does not permit passphrases. In the CASB pilot, when I accepted an invite to collaborate on my personal Box account, Diageo Box required me to change my 15 character passphrase to a complex password. That will be a problem for any 3rd parties using passphrases. Therefore we should turn that policy OFF.

    1 vote
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add the automatic deletion function of external collaborators account

    Request: Add the automatic deletion function of external collaborators account
    Please add automatically delete function linked to the deletion of his company's Box account.
    Reason: Even if he changes jobs, he can still log-in to Box using his old e-mail accounts.
    We cannot control the collaborators' job change, and we cannot grasp it in a timely catch-up of his situation.
    If he changes jobs to our competitor, the risk of data breaches increases.

    4 votes
    Sign in Sign in with Box
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 14 15
  • Don't see your idea?

Feedback and Knowledge Base