Background:
2FA for external collaborators does not require a re-2FA. The only way an external person will have to re-2FA is if they switch browsers or clear cache/history. I have an external user that set up 2FA in November of 2021 that hasn’t had to re-2FA to our box environment since. It has been so long that she didn’t even remember setting it up (it is Aug ’22 now). The current box 2FA implementation effectively moves the security away from box and on to the end user’s device / environment. Being external partners, we have no insight into how secure this is.

The request:
Within the 2-Step Login Verification Edit menu, add an expiration option. Some obvious choices being Daily, Weekly, Monthly. Ideally, I’d be able to set it by specific domains or users but even a global setting would be better than today’s configuration of never for everyone.