Skip to content

Help shape the future of Box

Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!

See user guide here.

What problem could Box solve for you?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

39 results found

  1. IP whitelisting (Web App only) for BoxNotes

    We have heard that IP whitelisting with Web App only cannot control BoxNotes.
    Could you improve IP whitelisting as you can control BoxNotes with Web App only?

    40 votes
    delivered  ·  0 comments  ·  Security  ·  Admin →

  2. 2 factor authentication

    Just been chatting with the support guys ... When turning on 2FA, the first log in prompts for the auth code. However, every login after that drops back to just asking for username/password. (unless you clear your browser down every time !)

    for 2fa to be effective, the system should ask for the auth code at every login otherwise there is no point in enabling it.

    7 votes
    3 comments  ·  Security  ·  Admin →

  3. advance generation of 2nd factor authentication codes

    provide an option to generate a one time code for 2 factor authentication in advance.

    We have a use case where an external organisation has provided a PC in their site where our users can log in to box, however our users are not allowed to bring their own devices (phones or laptops) onto the site.

    To continue using 2FA it would be useful if a user could generate a one time code in advance print it then use it as the 2nd factor when logging in to the machine proved by the external organisation.
    (similar to google authenticator backup…

    1 vote
    0 comments  ·  Security  ·  Admin →

  4. Proper 2-factor authentication with TOTP not SMS

    Using SMS for 2-factor authentication is oudated and insecure. Using TOTP is an industry standard and should be implemented.

    20 votes
    6 comments  ·  Security  ·  Admin →

  5. Two-factor authentication with authenticator apps

    It should be possible for 2FA login to be via an authenticator app as opposed to SMS. This is arguably more secure and more convenient and something competitors offer.

    3 votes
    1 comment  ·  Security  ·  Admin →

  6. Add SentinelOne as an approved antivirus for Device Trust

    Please add SentinelOne to the list of Antivirus vendors as part of the Box Device Trust settings!

    2 votes
    0 comments  ·  Security  ·  Admin →

  7. 2FA support in Czech Republic

    2FA is available in most countries, even by sms it is serious security improvement, Box already knows and uses 2FA anyway

    3 votes
    0 comments  ·  Security  ·  Admin →

  8. External 2FA - use email instead of SMS

    2FA for external users - have the option to have the second factor email instead of text. Or give the option for either text or email.

    46 votes
    13 comments  ·  Security  ·  Admin →

  9. Authy 2 Factor Authentication.

    Include Vietnam in 2-FA or remove it from the list of countries in the menu when trying to add 2FA.

    2 votes
    0 comments  ·  Security  ·  Admin →

  10. Please consider combining all of chains requesting 2-factor authentication via the likes of Google Authenticator and/or Yubikey

    There are several chains below which are basically requesting the same thing. If you combined all of those into one chain, I'm pretty sure the combined total votes would be the highest in the Security topic. Providing 2-factor authentication via something like Google Authenticator and/or options like Yubikey is absolutely necessary. If we are not given this option, our auditor will require that we stop using Box within about 2 months. I'm doing everything I can to keep Box. It works so well for my team. I don't want to lose it. PLEASE make this a priority.

    3 votes
    0 comments  ·  Security  ·  Admin →

  11. MFA

    MFA only supports SMS method which is very inconvenience and insecure! Hope you guys can support token-based methods soon. Thanks

    6 votes
    1 comment  ·  Security  ·  Admin →

  12. Getting Notifications that Don't apply to non-admins

    When I logged into Box this morning, I saw the following note in the lower right-hand corner of my home screen.

    Your Box account has been growing!
    A growing number of users at your company have signed up for Box accounts – exceeding the number seats included in your plan by {{MLDATAOVERAGE_SEATS}}. To adjust this license overage, add seats to your plan using the link below.

    1. We do have seats available
    2. I am not an admin so this shouldn't be a notification I should receive.
    1 vote
    0 comments  ·  Security  ·  Admin →

  13. can not preview the file in the open link folder when the watermark and password are set

    can not preview the file in the open link folder the following settings
    ・Watermarking :on
    ・Password : set

    Request:Improvement of the above issue

    12 votes
    0 comments  ·  Security  ·  Admin →

  14. Watermarked PDFs should remain searchable

    When downloading a watermarked PDF, users lose the ability to search content of the file. It appears Box is converting the file to an image on download. Text should still remain searchable

    5 votes
    0 comments  ·  Security  ·  Admin →

  15. Additional Device Trust granularity

    We would like to do an ownership check (domain or cert presence) for certain groups of users but not ALL users. We would like variability by user/group: e.g. users to touch tax documents must work on company-owned device, while most employees must have non-ownership checks (like disk encryption).

    6 votes
    1 comment  ·  Security  ·  Admin →

  16. Add a way to forget all of a user's sessions (logins, apps, browsers, etc.) via the API

    16 votes
    6 comments  ·  Security  ·  Admin →

  17. Ability to do a OR condition check between certificates and windows domain check in the Device Ownership requirement

    Employees will have company provided laptops which will be on SE domains. Contractors or Bring your Own laptop crowd will receive security certificate through MDM solution and they would be able to access Box based on that. Pushing the certificate to all internal 100K+ laptops is a technical challenge.

    22 votes
    delivered  ·  0 comments  ·  Security  ·  Admin →

  18. Users without cell phones

    I am attempting to build a Box app. In the app configuration pages, when I try to generate a public private keypair, I am required to enable two factor authentication. I don't have a cell phone, so when I attempt to enable, a code is sent to my land line and summarily vaporizes. So I can't enable two factor, I can't generate public/private key pair - summarily inconvenienced (to be nice). I need to use JWT. OAuth is not an option. In summary, two factor without a cell phone???????? Developers missed a scenario. Time to fix it.

    2 votes
    0 comments  ·  Security  ·  Admin →

  19. Allow Google Authenticator for 2FA instead of SMS.

    94 votes
    delivered  ·  30 comments  ·  Security  ·  Admin →

  20. Ability to whitelist Azure Active Directory Domains

    8 votes
    delivered  ·  0 comments  ·  Security  ·  Admin →
← Previous 1
  • Don't see your idea?

Help shape the future of Box

Categories

Feedback and Knowledge Base

(thinking…)

By entering and viewing this page, you agree to be bound by (1) UserVoice Terms of Service and the (2) Box Community Terms of Use. In the event of a direct conflict between the foregoing terms of service with respect to the Box Community Guidelines, Feedback and Suggestions, the Box Community Terms of Use shall take precedence as between you and Box.