Password reset process is cumbersome
Even with the understanding that my specific situation might add a few steps, it is significantly longer and more involved than the analogous process for any other product, tool, or service that I use. I have described the steps that I have to go through and would encourage the Box Developers and UX Teams to consider a more seamless way to do this in some future release.
Reset Password – Box Drive
Key:
- = optional step, performed for positive validation that the new password was accepted
+ = step that is specific to my setup
- At Windows/Domain login, notification appears stating that I am “no longer connected” to Box and should log in again. Note that no indication is given as to why this is, but in practice, I have learned that this means that the password has expired.
- 2. I generally log in anyway to confirm this. Logging in generates a prompt for the MFA code, which I obtain and enter. At that point, I am told that my password has expired and I am directed to log in to the web site to reset it.
- I log in to the web site. I am again prompted for my MFA code, which I retrieve and enter. I am then notified that my password has expired, and I am asked to enter my email address – the same address that I just used to log in – in order to receive a reset prompt. I do so.
- I check my email program for the message and click on the link provided; I am returned to my browser at the Password Reset form/page
- At the web site, I enter my new password
- 6. I log in to the web site, using my new password, to confirm that it has been accepted and that LastPass has correctly saved the new value. I am again prompted for my MFA code
- I log in to the app using my new password and another MFA code
- 8. In my specific setup, I then launch my virtual desktop (AWS WorkSpace), which also has Box installed. I see the same “You are not connected to Box” message, but this time I am able to simply log in to the app with my new password. Once more – fifth time – I am prompted for an MFA code
The entire process takes several minutes, and can take up to ten, depending on optional steps, latency in receiving the email or MFA codes, etc. It requires that I log in to either the app or the web site a minimum of three times, and as many as five in my particular scenario. Honestly, I have an easier time resetting my bank’s online credentials, or reporting that my credit card was lost and getting a new one. As an IT professional myself, I completely understand the need for security, and I appreciate the availability of options in the process, but I am sure that this can be made at least a little less cumbersome. Would you at least take a look at it? Thanks!