Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
395 results found
-
Auto-logout all sessions on password change
Automatically logout all sessions (desktop & mobile) if you change the password on your individual account.
3 votes -
4 votes
-
Please make the login form as one step
Now the login form have two steps - at first step I need to fill login, then press "Next" button (for what?), fill my password, press "Log in".
This type of login form brings problems with auto-filling credentials by most of browser plugins.
Please remove the surplus useless step with pressing "Next" in login form, to allow fill login and password in one page, using "Tab" button (or auto-fill plugin), like in most of other websites.
3 votes -
Box Relay: Remove Collaborators and Shared Links
We would like the ability to use Box Relay to automatically remove all Collaborators and Shared Links from a folder and all of the sub-items within that folder.
This functionality would be used to secure company files when an employee is off-boarded and ideally this process would be generated by placing a folder within another folder.1 vote -
Set "SSO Required"/"SSO Enabled" for each user
The current "SSO Required" is for all managed users.
When creating "administrator user and general user" as a managed user, there are the following problems.
-It is necessary to create an administrator user ID on the IdP side.
-When accessing as an administrative user, it takes time and effort to log in from the IdP and access Box.
-A license fee will also be charged on the IdP side.If we can set "SSO required" and "SSO enabled" for each user, the problem will be solved.
26 votes -
Child Sexual Abuse Material
Apple's recent announcement of measures taken to improve child safety (https://www.apple.com/child-safety/) have raised an important concern about content stored in Box and what measures we can take as an enterprise to address it. While there does not appear to be anything that we can do at this point, perhaps adding a feature in Shield that provides MD5 pattern matching (similar to known malware scanning) that would allow administrators to be alerted when this kind of material shows up in their Box instance.
Background on the issue: https://www.missingkids.org/theissues/csam
2 votes -
End to end encryption for storage and shared links
End-to-end encryption (E2EE) is one of the most popular security trends lately, and if Box offered this functionality, it would be very popular, especially for audiences who have a strong affinity for privacy and cryptography.
2 votes -
Cryptographic Erasure
Following NIST 800-88, we need the ability to 'destroy' certain high sensitivity data. Cryptographic Erasure is one of the options, basically encrypting the data and then losing the key. Until then, certain research projects and grants that require data destruction or DoD level erasure (and we are seeing lots of boilerplate contracts with that requirement) will not be hosted in Box.
1 vote -
Extension of the "Auto-Delete" Period
The BOX "auto delete" function for folders must accept a period of 100 years. It is currently limited to 85 years and I need to keep some HR files for a period of 100 years by definition of control and security. I request the extension of the term from 85 years to 100 years.
3 votes -
SSO exception
Ability to have exceptions for SSO for specific amdin accounts/test users. Use case: there's a series of admin accounts we use that own folders/content in Box but aren't actual users. Now when we want to turn on SSO - we now have to have OKTA accounts for those accounts and test users, when we'd prefer to just do Box 2FA for those vs. SSO enabled for all
42 votesUnfortunately this is not on the near-term roadmap, that being said this is a very interesting request which we may consider in the mid-long term.
-
Two factor authentication as standard for business customers
Two factor authentication is the standard for securing accounts. I was therefore surprised to learn that enforcing two factor authentication on the business subscription package is not an option. Requiring two factor authentication is only available on the top enterprise price plans.
This is disappointing, as it means businesses customers who use Box, their staff can bypass any requirement to use two factor authentication. It increases the risk of a breach of company data due to a bad password practices by an employee, like using the same password across many different services. Without two factor authentication the company data is…
3 votes -
Security Logs to add changes to Device Trust requirement settings
We would like to see in security logs to add changes to Device Trust requirements settings and possibly to get notifications for when certain enterprise settings are modified.
4 votes -
Ability to whitelist files(sha1) from virus detection
Please consider to have an option to add whiltelist of files (sha1) so that it won't be show up as an unsafe file from virus scanning.
2 votes -
Include device identification in Device Trust logs
We think it would be valuable to be able to identify a specific device failing Device Trust. Either MAC address or computer name would be useful. Computer name would be the preference.
This to positively identify the device end users are using to connect. As we were implementing Device Trust we ran into numerous situations where end users were connecting from multiple devices and not transparent with us that they were using multiple computers.3 votes -
Allow One-Off Reissue of Custom Terms of Service in Box
If a user ever rejects a custom terms of service, they are not able to access Box or attempt to connect via the collaboration link. It seems that they could try again in 30 days (we have not tested, this is way too long to wait for a time-out).
The only resolution to allow the single external collaborator to "reset" the ToS and accept them to sign in is to disable and re-enable custom ToS for all users.
This is a major problem - we should not have to revalidate all ToS for EVERY user to resolve an issue for…
1 vote -
New Authentication Process at sign in
The new authentication process is forcing us to use two step authentication even with our ATB Email address' every time we enter or come back after a period of time.
I am really hopeful that this is being looked into as its the most inconvenient. Our CSR's do not have business devices for google authenticator nor does the text feature seem to work to the branch office phones and when you ask it to call it takes a bit for the phones to ring and connect and cuts half the message off so we don't get a code. This is…
1 vote -
Password Requirements - customize min required characters
Password Requirements -> Minimum required characters -> only has the options of 6, 7, 8, 10 and 12. We would like to be able to set this character as 9, or any number in between 6-12.
1 vote -
2 votes
-
keysafe
Box keysafe requires the use of a specific AWS region, but from the perspective of disaster response, we request that the service be deployed in multiple regions.
1 vote -
Show the password when typing to avoid typo's
Add an option for the user to see the password they are typing to avoid typos when sending to the client. At the moment, there is no option to see what you have typed until the client is telling you that the password doesnt work. Especially with caps, symbols etc.
3 votes
- Don't see your idea?