MFA option to be TOTP or SMS or Email
When the MFA option is released, currently the options are:
1. TOTP
2. TOTP or SMS or Email.
Can you make it a check list so we can enable the one we want?
For example, I only want TOTP and SMS.

- Anonymous commented
We also need an Email-only option for the same security reasons.
TOTP and SMS can be set to personal devices.
- Adminjohnanderson (Admin, Box) commented
Having the option to choose any of these three is VERY important. Here is an example of why forcing MFA EMAIL is important:
Here is the process:
1. Delta employs Tim
2. Tim shares a folder with Jane at Boeing
3. For security, the Delta admin required 2-step verification (Authenticator App, SMS or Email)
Jane chooses SMS b/c it’s faster and EMAIL was not forced.
4. Jane has access to the folder
5. Boeing terminates Jane
6. Tim has no idea Jane was terminated
7. Jane STILL has access to the Delta folder by logging into Box using her Boeing.com email even though she has been terminated from Boeing. Jane receives an SMS to authenticate since EMAIL was not forced. Jane is in Delta’s folder even though she does not work for Boeing any longer.
- Anonymous commented
Yes! In our case, we need to enforce that external users can only use email for their 2FA.