Passwordless Authentication
Authentication using security keys (passkeys/FIDO2) has been released. I think this is a very positive step forward.
Currently, the process requires entering your Box ID and password, followed by inputting a physical key. It would be great if security keys alone could enable passwordless authentication.
For SMS or Authenticator app authentication, requiring the sequence: ID input ⇒ OTP sent/entered ⇒ Box password input would also help counter dictionary-enhanced phishing (phishing aimed at understanding user password patterns, not necessarily targeting unauthorized Box logins).
Additionally, using the Number Matching format for Authenticator app authentication offers higher phishing resistance and convenience compared to OTP. It would be preferable if this became available.
OTP: Entering the 6-digit OTP displayed in the Authenticator app on the device you want to log in from.
Number Matching: Entering the 2-digit number displayed on the device you want to log in from into the Authenticator app.