Skip to content

Help shape the future of Box

Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!

See user guide here.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

373 results found

  1. 2FA - Option to select SMS or Email as opposed to both

    Hi all,

    We would like to have the option to select SMS as a 2FA method without having to have email as an option.

    Back in April last year Box introduced the option to have email as a 2FA Method. Unfortunately we can’t have Authenticator app and SMS but no email as a setting. Either it’s Authenticator app only or we have to enable emails too.

    On productions we go for the Authenticator app as that’s the most secure option, but one of our subsidiaries would like to give the option for SMS too.

    Enabling emails is a major security…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Phone number format prompt

    When setting 2FA by SMS, Box should update this part of the web site to specify exactly what format the phone number needs to be entered in.
    E.g. "7797123456" and not +447797123456, 447797123456, +44(0)7797123456 etc.

    Although it seems to work with or without a leading zero, it would be better to not include it as it is not part of the "phone number"

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Enable option to turn on Optimal Character Recognition (OCR) for all documents

    Enable option to turn on Optimal Character Recognition (OCR) for all documents.

    This is important for Search and Data Leakage Prevention (DLP)/Ethical Walls.

    E.g. a Driver's License, Passport, etc. image gets uploaded, then Box DLP doesn't recognize this today.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Enable 2FA renewal requirement options for external collaborators

    Background:
    2FA for external collaborators does not require a re-2FA. The only way an external person will have to re-2FA is if they switch browsers or clear cache/history. I have an external user that set up 2FA in November of 2021 that hasn’t had to re-2FA to our box environment since. It has been so long that she didn’t even remember setting it up (it is Aug ’22 now). The current box 2FA implementation effectively moves the security away from box and on to the end user’s device / environment. Being external partners, we have no insight into how secure…

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. UX switching 2FA method

    Changing 2FA method requires removing first. This breaks existing shared feeds for others and is alarming.
    The way you need to re-accept then go back and forth between pages refreshing each time before it shows as re-established is far from "Simple" or intuitive.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Make 2FA by e-mail work for the accessible-site

    Make 2FA by e-mail work for the accessible-site

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Password updates

    Login passwords currerntly enforce unnecessary format restrictions that are hindering the use of password generators. Characters < > cannot be used, and there also is a requiement to include at least two digits. Most hashing password generators use all printable characters (as they should), and ensure only the occurrence, but not the quantity, of character classes, i.e. 1 of each printable chartacter classes (uppercase, lowercase, numeric, special).

    Suggestion: allowing all printable characters and only requiring a minimum of 1 character from each intended class (occirrence only) would make Box login passwords compliant with the vast majority of hashing password generators…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Whitelist domains on External Collab folders

    We want the ability to be able to whitelist a domain on a specific folder for users for users of a business, within our External Collaboration folder which we use for our clients. EG, if the folder is to be collaborated with by our client "Acme", eg then:

    FOLDER: External Collaboration > Customer > ACME

    ACME Folder: Whitelist domain acme.com

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Department of Defense (DoD) impact level 5

    Department of Defense (DoD) impact level 5

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Yubikey integration with Box MFA without SSO

    Yubikey integration with Box MFA without SSO

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Box Virus Scan turned on by default

    Box Virus Scan turned on by default

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. password reset scheduling during holidays

    I am writing to request consideration of scheduling password changes to avoid peak vacation times. As a citizen developer, I do not have a dedicated team to manage these changes and it can be difficult to find time to complete the updates while also taking time off for vacation.

    I understand the importance of regularly updating passwords for security purposes, but I believe that scheduling these updates during times when fewer people are likely to be on vacation would minimize disruptions and make it easier for everyone to stay on top of this important task.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. "Remember me" added to login

    The need to constantly log in multiple times throughout the day when using Box.com is just absolutely an awful experience. This is especially true with integrations. Every time I close a browser window and then click a link, I have to log in again. We use Box as a source for all of our content for an agency so the number of logins is high. And when we receive a link to a piece of content, we have to click "Go to my account" to log in again, which takes us to the homepage, forcing us to click the link…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Provide easier ways to extend collaboration expiration

    Similar to the existing post below but the request is a bit different.
    https://pulse.box.com/forums/909778-help-shape-the-future-of-box/suggestions/36108211-bulk-extend-collaboration-shared-link-expiration

    We have folders where there are over 100 collaborators to extend on a certain cadence and need to click the "clock" button over 100 times, which obviously is so painful. We would like to have the ability to click "checkbox" to select collaborators to extend and update them in one shot.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Require additional Multi-Factor Authentication for external collaborators using SSO

    We can require 2-FA for external collaborators, but for external collaborators using SSO, Box does not check for whether users pass multi-factor authentication. Please add the ability to require additional multi-factor authentication for external collaborators using SSO.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Add collaborators automatically upon request from who wants the access.

    When a new collaborator is identified but not added as a collaborator yet, he/she needs to wait until permission. To reduce this idol time, automatically permit access first upon request. Check the collaborators afterwards if required. Existing folder collaborators can designate the folder that needs this function.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Persistent cookies

    Similar to Okta and Google Drive, we need the ability in Box to set use persistent cookie so the cookie doesn't expire when the browser is closed.

    Google Drive allows this by default, and Okta lets us specify the policy for specific users:
    ( see usePersistentCookie according in https://developer.okta.com/docs/reference/api/policy/#signon-session-object)

    Workflow:
    * launch browser, go to Okta, and log in (our IDP)
    * open up the box link - everything works
    * close the browser
    * open the browser
    * I'm still logged into Okta (since I have usePersistentCookie turned on)
    * when I go to a Box link, I'm…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Shared Link Password Policy

    Much like the default link expiry policy we would also like one specific to forcing passwords for shared links and preferably being able to define that policy with minimum characters and complexity.

    Bonus would be passwords that are auto-generated and viewable by the creator of the shared links to minimize the need for external tools.

    53 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    not planned  ·  10 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. "Automatically remove invited collaborators" - override/shorten

    I have enabled "Automatically remove invited collaborators" specifically for External Collaborators, under Enterprise settings > Content & Sharing.

    There are use cases (per folder) where the content owners/co-owners would like the ability to /override/ & shorten the expiration for an External Collaborator. This could be due to a contract or any other reason.

    The only method to do this now, is to delete the entire folder and all content.

    Example Use Case:

    Enterprise settings:
    - Content & Sharing > Invited collaborators expiration settings
    -- Automatically remove invited collaborators
    -- Remove after [ 90 ] days
    -- Apply these settings to…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Folders to which only managed users can be invited

    【Request】
    Regarding the "Restrict collaboration to within {OrganizationName}" setting in the folder settings,
    I would like the definition of users recognized as users in the organization to be selectable from the following two options
    ・Users who have same domains OR Managed Users (Same as current specifications)
    ・Only Managed Users

    【Current specifications & Issues】
    Currently, for folders with this setting turned on, users can invite others who meet either of the following conditions
    - Managed users of the tenant
    - Users with a Box account with an email address in the registered domain

    As it stands, this specification allows free accounts…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

Feedback and Knowledge Base