External 2FA - use email instead of SMS
2FA for external users - have the option to have the second factor email instead of text. Or give the option for either text or email.
Enforcement of which configured second factor is also desirable (ie. For enforcement of 2FA on collaborations, ability to specify which second factor is configured)
This also is critical for our continued use of the service.
This matter is of great urgency to me. I love Box and it works well for my team. But our auditor will require us to stop using Box if we can't do 2-factor authentication through something like Google Authenticator or Yubikey. If this can't happen within two months, I will be forced to end our use of Box.
Duo Mobile is used for corporate accounts, can you please add the option to non-federated personal accounts?
Wes Croker commented
Adding my .02... Please add additional 2FA options. And don't just stop at email, because that's really not a great 2FA solution either. Give us the ability to use an OTP generator, like Google Auth, Authy, etc.
And to echo what someone said below, allowing the enforcement of outside collaborators to require 2FA to view the content would be super handy.
Literally every other service offers 2FA over an OTP Generator. Dear Lord. Get with the times.
Admin Admin commented
Hi - I'd like to cast my vote for having something other than SMS as an option for two-factor authentication. Using an authenticator app like Google Auth, Authy, or 1Password is impossible in the current setup. Furthermore, SIM hijacking is a common problem and a potential security vulnerability. I am very surprised an $2.4B dollar, public, enterprise-grade company does not have this already.
Bryce Williams commented
I "eleventh" this request. We've recently taken a "pulse" of our user community, and there are quite a few issues with limiting our audience to a mobile-number dependent option. Among them privacy concerns when it's a personal device, and even laws related to use of a personal device for work purposes. So at least having an email option to support would help provide some additional flexibility. Thx.
Need 2FA for managed users and external collaborators that has the following ways to verify access:
1) Common Access Card (CAC)