Help shape the future of Box
Welcome to Box Pulse, our product feedback tool powered by UserVoice. Got an idea for how to improve Box? Share it with us and gather support or vote on other people's ideas. Your feedback is essential to informing roadmap decisions and shaping the future of our products. Thanks for joining our community!
See user guide here.
- or
528 results found
-
2fa
Title: 2FA – Session Level NOT Machine Level
Category: 2FA
Idea:
After enabling 2FA:
Steps followed:
Quit Safari (v14.0.3) (Cmd+Q)
Launch Safari
Navigate to account.box.com/login
Login without 2FA (2FA enabled)
As a separate test, I also removed my Safari session from Box security, quit Safari (Cmd+Q), opened Safari and was able to login without a 2FA credential.
When a user removes an active session (or saved login location), any new login attempts should be seen as a new computer, and thus prompt for the credentials setup by the user logging in.
I was able to get Box to…
1 vote -
2FA enabled Report
report that would show a list of users who currently have 2fa enabled.
5 votes -
2FA support in Czech Republic
2FA is available in most countries, even by sms it is serious security improvement, Box already knows and uses 2FA anyway
3 votesYou can get 2FA via SMS or TOTP.
-
External 2FA - use email instead of SMS
2FA for external users - have the option to have the second factor email instead of text. Or give the option for either text or email.
46 votesThis feature is available. Let us know if you need more details on enablement.
-
Disable 2FA on Business edition
There are the case administrator want to disable user's 2FA.
- Own mobile devise with 2FA integrated is lost
- User removes TOTP app on own mobile device with 2FA integrated
However, admin cannot disable the user's 2FA on Business edition because instant logins cannot be available.
Please improve to add the feature admin is able to disable managed user's 2FA with Business edition.
1 vote -
Enable 2FA renewal requirement options for external collaborators
Background:
2FA for external collaborators does not require a re-2FA. The only way an external person will have to re-2FA is if they switch browsers or clear cache/history. I have an external user that set up 2FA in November of 2021 that hasn’t had to re-2FA to our box environment since. It has been so long that she didn’t even remember setting it up (it is Aug ’22 now). The current box 2FA implementation effectively moves the security away from box and on to the end user’s device / environment. Being external partners, we have no…7 votes -
Allow co-admin to manage 2FA
Allow co-admins to "exempt" users from 2FA. Once 2FA is required by the company, only the primary admin can let users who delete their Authentication app, back into Box.
1 vote -
UX switching 2FA method
Changing 2FA method requires removing first. This breaks existing shared feeds for others and is alarming.
The way you need to re-accept then go back and forth between pages refreshing each time before it shows as re-established is far from "Simple" or intuitive.1 vote -
Select which 2FA/2SV feature
There are currently 2 2FA mechanisms, SMS or Auth App.
We would like to be able to select which mechanism to be available to users. We want to avoid users from having to use SMS1 vote -
email as only option for 2fa
In the 2FA options there are options for i) TOTP ii) TOTP, Email, SMS - however there is not an option for just email only. Can this option be added for Email only
8 votes -
Box Sign: add option to require recipient 2FA on template definition
Add the option to define that 2FA is required for some recipients (signers), on template definition itself.
That way, in combination with template locking admin can enforce users to set it while using the template21 votes -
Report on users exempted on 2FA
We would like a report that shows all exempt 2FA users from the Admin Console.
1 vote -
Users should be able to set up 2FA on their phones
We invite external users who only have phones. However, we are set up for 2FA. That means these users need to find a computer to login via the webapp to set up 2FA before we can begin collaborating. This is an issue. The mobile interface should allow 2FA to be set up.
1 vote -
Make 2FA by e-mail work for the accessible-site
Make 2FA by e-mail work for the accessible-site
1 vote -
Add hardware token security for 2FA
Yubikeys and similar devices allow for hardware token security and are highly recommended. We want to implement it across devices (ipad, iphone, android, MacOS, Windows) and this must include Box
SMS 2 factor is considered very hackable and has been hacked many times.
How can we use Yubikeys with Box.com ? What are your plans on this?44 votesWe now have the ability to use TOTP for 2FA. In addition, admins can enforce TOTP for managed/external users.
We do want to support FIDO standards for 2FA in the future and will update this idea with more details once we have a concrete plan. -
2FA when logging in using external password
When SSO is enabled, users can use external passwords to access services that do not support SSO login. Security teams want to be able to enforce 2FA on logins using external passwords.
1 vote -
Require security step before granting ability to remove 2FA option
May have discovered a glaring security vulnerability. You should add an additional security step before allowing for removal of 2FA security verification on an account.
1 vote -
73 votes
Read more about this feature here: https://blog.box.com/enterprise-security-two-factor-authentication-external-users
-
Make 2FA via SMS in Box Sign the First Step, Not Last
Box Sign offers a 2F authentication method via SMS, however, on the signer does not have to complete the 2FA until the very last step. This poses challenges for our use case as we have PHI data on the documents requiring signature so we need this authentication to occur FIRST rather than LAST to ensure that we have authenticated the user before they can even view the document.
7 votes -
94 votes
- Don't see your idea?