FIDO2 Phishing Resistant MFA
Box only supports MFA and TOTP options for 2FA for external users. There is a need for FIDO2 (phishing-resistant) requirements as an option for external sharing.
This process is not only secure but also user-friendly. There's no need for users to remember extra passwords or carry around additional hardware tokens. There is no need to install additional software; all the major browsers support this out of the box. The device and browser do all the heavy lifting.
Per the updated guidelines from the National Institute of Standards and Technology (NIST), the requirement is that internal users must use phishing-resistant MFA, while external users should be given the option to use such a method. While TOTP and SMS codes provide an extra layer of security, they can be susceptible to phishing attacks and thus are not considered phishing-resistant and as such do not meet the requirement.