Allow Google Authenticator for 2FA instead of SMS.
-
Anonymous commented
Hi Box team. My company is one of your Multinational customers. We need 2FA to adhere to our international Security Audit Policies. Microsoft and Google Authenticator are a requirement.
Thank you. -
Anonymous commented
Google Authenticator or Microsoft Authenticator need to be added to available options for 2FA. SMS is outdated and not secure.
-
Anonymous commented
NIST actively recommends avoiding SMS as a second factor. SMS messages are carried over 1980's era SS7 networks that have no encryption or authentication. Your current 2FA offering is not only NOT best-in-class, it is not considered secure by experts.
-
Anonymous commented
From a security perspective, this is disgraceful. How can you pride yourselves on security but only provide SMS 2FA? This should have been implemented years ago.
-
Anonymous commented
Most systems now authenticate with google making life easy and secure - Keep Up Box!
-
Anonymous commented
I really hope this gets pushed through soon and that it won't come down to a company getting hacked.
-
Box Admin Admin commented
SMS spoofing is trivial... This needs to be re considered. Was this decision cleared by the CSO?
-
Matt Royal commented
SMS-based 2FA is not a best-of-breed solution. If not Google Authenticator specifically, please support some form of 2FA that's superior to SMS.
Password breach teaches Reddit that, yes, phone-based 2FA is that bad (2018)
https://arstechnica.com/information-technology/2018/08/password-breach-teaches-reddit-that-yes-phone-based-2fa-is-that-bad/NIST Denounces SMS 2FA - What are the Alternatives? (2016)
https://www.securityweek.com/nist-denounces-sms-2fa-what-are-alternativesStandards body warned SMS 2FA is insecure and nobody listened (2016)
https://www.theregister.co.uk/2016/12/06/2fa_missed_warning/The Limits of SMS for 2-Factor Authentication (2016)
https://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentication/TOTP support for 2FA? (Box Community, 2015)
https://community.box.com/t5/Business-Apps-Forums/TOTP-support-for-2FA/td-p/3585 -
Bartosz D commented
Allow to use LastPass Authenticator / Google Authenticator / Authy rather than SMS-based 2FA. The SMS method might be inconvenient for some customers and even not the safest option - keep in mind multiple recent stories of SIM swap scam
-
Bartosz D commented
"Not planned" - that's a huge mistake from Box's side and a huge downside for me as a customer.