Two factor authentication as standard for business customers
Two factor authentication is the standard for securing accounts. I was therefore surprised to learn that enforcing two factor authentication on the business subscription package is not an option. Requiring two factor authentication is only available on the top enterprise price plans.
This is disappointing, as it means businesses customers who use Box, their staff can bypass any requirement to use two factor authentication. It increases the risk of a breach of company data due to a bad password practices by an employee, like using the same password across many different services. Without two factor authentication the company data is only as secure as the least secure password.
Requiring two factor authentication should be available on all business accounts.
Anonymous
shared this idea
-
Anonymous
commented
We've (the Admins) been logging into employee accounts as the employee, turning on MFA, then telling them it's required (and not how to turn it off). This is a ridiculous workaround that still does not keep them from turning it off, if they figure out how. I wholeheartedly agree that MFA should be included at every level of Box business account. And it's a huge black mark against Box - which is normally so focused on security - that this is not available.
-
Anonymous
commented
I strongly believe that security is critical. The possibility to enforce 2FA shouldn’t be an Enterprise option.