This feature is not yet available as of Feb 2021. Hope to see it soon. The current SMS system is not responsive enough and is less safe less convenient than an authenticator app.

It is 2021 now and I have been waiting for this feature to implement before I upgrade my account...

Not having authenticator apps as an option for 2FA is simply unacceptable. This should have been implemented years ago and the "second half" of 2020 has come and gone. How can Box be considered to take security seriously with this failure of implementing a necessary security feature in a timely manner?

Can you please provide an update? Support for non-SMS 2FA is crucial. This is worth escalating up the chain. Thanks.

The "second half of this year" is almost over. When will we see non-SMS 2FA in place? I'm getting pressure to stop using Box (and I really don't want to) because there is no non-SMS 2FA. Please help our team stay with Box!!! @Alok Ojha

I've had some trouble with SMS in the past as well.
Having alternatives like a code sent via email, time based OTP and some backup codes would be ideal.

I honestly cannot believe this isn't a thing. Not only is SMS 2FA the single worst 2FA you could employ, it doesn't even work. I literally could not log in because the code sent to me isn't correct. No matter what, it never is. Congrats! I've had to disable it to be able to log in at all.

I don't care whether this is "on roadmap", it should be accelerated to _now_ because I can't even log in anymore with 2FA.

Box recently suffered from a severe outage related to 2FA (which currently employs SMS-based tokens): https://status.box.com/incidents/qdzfdkkqrs26.

For the reason, if cellular carriers make changes to their network or suffer an outage, this is completely out of Box's control and renders the 2FA service unusable, thus locking out customers who have it enabled on their accounts.

Enabling TOTP-based 2FA (like using an app such as Authy) as an alternate method would help solve this issue in the future.

See this thread for support as well: https://community.box.com/t5/Web-App-Forum/FEATURE-REQUEST-Integrate-Google-Authenticator-for-2FA/m-p/85627

First joined in 2013, 7 years later SMS stopped working and no real 2-factor authentication!

Almost 3 years after the original post was published, and 8 months after it was updated to "Under consideration". No updates from Box since. They don't care about their customers' security concerns, I'm moving to a different service.

I love Box and it works great for our team. However, unless 2-factor authentication can be done through something like Google Authenticator or Yubikey, our auditor will require us to cease using Box. I have about two months left before I will be forced to cease using Box. Please please please make this happen ASAP!

It's unacceptable to not offer an alternative for 2-Factor Authentication via SMS.
Why isn't it possible to use SMS, or, if this method doesn't work, to use an Authenticator App or a one-time recovery key, or some more phone numbers.

That's really poor and prevents me from going to a paid plan.

Having just signed up for a Box account because an organization I do business with uses it. I was shocked that non-SMS 2FA wasn't supported in this day and age. SMS isn't secure enough. I advised them they should search for another online storage provider, especially since they share financial records with clients through Box.

Wow! We are 1 year away from the 15th anniversary of Box.com's founding in 2005, and yet here we are - still with no TOPS two-factor authentication option such as Google Authentication, Symatec VIP Access, Authy, etc., etc., etc., etc.. Will Box ever take it's users request seriously and stop sending responses, like the one below, year after year after year? It is time Box finally entered the twenty first century when it comes to cyber security.

====================
01-18-2019 05:32 AM
Re: FEATURE REQUEST: Integrate Google Authenticator for 2FA Authentication
Hi @XXXX

Thanks for your post and feedback!

We appreciate you following up on this product feature request. Currently, this is not a feature that is available in Box, but this idea has been submitted to our team.

You can check it here. Up vote this idea and if you want to add more to the feedback from this chain, comment your use case and the reason how this will help you and your organization.

Thanks for your time in the Community and appreciate your help!

I would love for this to be available as well. I am living in Asia and using Box along with the SMS 2FA is time-consuming because I have to wait for at least 10 minutes or more sometimes for the 2FA SMS to arrive. Occasionally I work at locations where there are simply no strong signals available and thus I would be unable to log into my account.

I echo all of the other concerns. SMS 2FA is not secure. You really need to do better on this. MS Authenticator or Google Authenticator are a much better option (I'd prefer Yubikey, but these could pass for now).

Hello,

As mobile phone radiations are very toxic for health, I now only use my phone with a wired connection, so I don't receive SMS anymore. SMS belongs to another age. So to connect healthy to Box, I need to connect to my phone with TeamViewer and turn off the offline mode, very annoying ! So yes, please activate the Google Authenticator or Authy tokens as nearly all other web services currently do.

Thanks and kind regards,

Eugène Fournier

Well, external 2FA has been released. Where is the reconsideration?

Why Box doesn’t have a 2FA “one time password” setup, or other authenticator affiliation? Why does 2FA have to be associated with a cell phone? What if someone’s phone is lost, or is in the other room or something like that? (I speak first hand on this experience and how frustrating and infuriating it was when my phone was stolen and I couldn’t access half my stuff because of 2FA affiliated with my mobile number. Also, it’s just not that secure anymore.) It would be really great to have the 2FA setup in my 1password account with the one-time password.
Is there a way to prioritize this, and inform your users with a planned rollout? We too have some issues with GDPR since we deal with some multinational clients and to have this added layer of security would bring peace of mind.