Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
- or
629 results found
-
2fa
Title: 2FA – Session Level NOT Machine Level
Category: 2FA
Idea:
After enabling 2FA:
Steps followed:
Quit Safari (v14.0.3) (Cmd+Q)
Launch Safari
Navigate to account.box.com/login
Login without 2FA (2FA enabled)
As a separate test, I also removed my Safari session from Box security, quit Safari (Cmd+Q), opened Safari and was able to login without a 2FA credential.
When a user removes an active session (or saved login location), any new login attempts should be seen as a new computer, and thus prompt for the credentials setup by the user logging in.
I was able to get Box to…
1 vote -
2FA enabled Report
report that would show a list of users who currently have 2fa enabled.
5 votes -
2FA support in Czech Republic
2FA is available in most countries, even by sms it is serious security improvement, Box already knows and uses 2FA anyway
3 votesYou can get 2FA via SMS or TOTP.
-
External 2FA - use email instead of SMS
2FA for external users - have the option to have the second factor email instead of text. Or give the option for either text or email.
46 votesThis feature is available. Let us know if you need more details on enablement.
-
Disable 2FA on Business edition
There are the case administrator want to disable user's 2FA.
- Own mobile devise with 2FA integrated is lost
- User removes TOTP app on own mobile device with 2FA integrated
However, admin cannot disable the user's 2FA on Business edition because instant logins cannot be available.
Please improve to add the feature admin is able to disable managed user's 2FA with Business edition.
1 vote -
Enable 2FA renewal requirement options for external collaborators
Background:
2FA for external collaborators does not require a re-2FA. The only way an external person will have to re-2FA is if they switch browsers or clear cache/history. I have an external user that set up 2FA in November of 2021 that hasn’t had to re-2FA to our box environment since. It has been so long that she didn’t even remember setting it up (it is Aug ’22 now). The current box 2FA implementation effectively moves the security away from box and on to the end user’s device / environment. Being external partners, we have no…22 votes -
Allow co-admin to manage 2FA
Allow co-admins to "exempt" users from 2FA. Once 2FA is required by the company, only the primary admin can let users who delete their Authentication app, back into Box.
1 vote -
email as only option for 2fa
In the 2FA options there are options for i) TOTP ii) TOTP, Email, SMS - however there is not an option for just email only. Can this option be added for Email only
9 votes -
UX switching 2FA method
Changing 2FA method requires removing first. This breaks existing shared feeds for others and is alarming.
The way you need to re-accept then go back and forth between pages refreshing each time before it shows as re-established is far from "Simple" or intuitive.1 vote -
Select which 2FA/2SV feature
There are currently 2 2FA mechanisms, SMS or Auth App.
We would like to be able to select which mechanism to be available to users. We want to avoid users from having to use SMS1 vote -
Box Sign: add option to require recipient 2FA on template definition
Add the option to define that 2FA is required for some recipients (signers), on template definition itself.
That way, in combination with template locking admin can enforce users to set it while using the template21 votesWe're pleased to announce that the feature you voted for has been released. You can now set additional recipient verification and password at template level. For more details, please refer to our Box Sign support article or read the public announcement.
-
Report on users exempted on 2FA
We would like a report that shows all exempt 2FA users from the Admin Console.
1 vote -
Allow using 2FA for free accounts
Hello,
It is very regrettable that BOX doesn't provide the possibility to set up 2FA security connection for theirs free account users! To have this level of security connection to the BOX account doesn't mean to profit extra services, quality, support, etc., but simply protect the BOX account and safe private data.
That's should be nowadays including in base services, that's not an extra!
To compromise the security of free BOX account users by blocking to use a worldly recommended 2FA security system, is simply contemptuous and dangerous.
Can BOX revise this issue?
1 vote -
2FA when logging in using external password
When SSO is enabled, users can use external passwords to access services that do not support SSO login. Security teams want to be able to enforce 2FA on logins using external passwords.
2 votes -
Managed and Un-Managed users 2FA Provisioning & Enforcement for all business packages
Regretfully, Basic Business package does not provision enforcement of 2FA for managed users and no 2FA at all for external collaborators. ,Security Feature availability \ enforcement of 2FA for Managed and Un-Managed users should be included in all business packages ... 2FA is a must have security feature for all users accessing firm's data.
1 vote -
Users should be able to set up 2FA on their phones
We invite external users who only have phones. However, we are set up for 2FA. That means these users need to find a computer to login via the webapp to set up 2FA before we can begin collaborating. This is an issue. The mobile interface should allow 2FA to be set up.
1 vote -
Add hardware token security for 2FA
Yubikeys and similar devices allow for hardware token security and are highly recommended. We want to implement it across devices (ipad, iphone, android, MacOS, Windows) and this must include Box
SMS 2 factor is considered very hackable and has been hacked many times.
How can we use Yubikeys with Box.com ? What are your plans on this?74 votesSupport for FIDO2/WebAuthn security key for authentication into Box is currently in development
-
Make 2FA by e-mail work for the accessible-site
Make 2FA by e-mail work for the accessible-site
1 vote -
Require security step before granting ability to remove 2FA option
May have discovered a glaring security vulnerability. You should add an additional security step before allowing for removal of 2FA security verification on an account.
1 vote -
Make 2FA via SMS in Box Sign the First Step, Not Last
Box Sign offers a 2F authentication method via SMS, however, on the signer does not have to complete the 2FA until the very last step. This poses challenges for our use case as we have PHI data on the documents requiring signature so we need this authentication to occur FIRST rather than LAST to ensure that we have authenticated the user before they can even view the document.
10 votesWe're pleased to announce that the improvement you voted for has been released. For more details, please refer to our public announcement.
- Don't see your idea?