I see there are two options for 2FA Verification for External Collaborators. One is Authentication app, another one is Authentication app, Text Message (SMS) or Email. Our organization on longer considers Email MFA as a secured option. Once a malicious user gains access to an email account, they can perform a forgotten password action to gain a new password and then receive the two-factor code in the same email account. Also emails could be transmitted as unencrypted text depending on the setup.
Can Box please remove email MFA option for us? Also it will be great if FIDO option can be enabled for external users.
Anonymous
I see there are two options for 2FA Verification for External Collaborators. One is Authentication app, another one is Authentication app, Text Message (SMS) or Email. Our organization on longer considers Email MFA as a secured option. Once a malicious user gains access to an email account, they can perform a forgotten password action to gain a new password and then receive the two-factor code in the same email account. Also emails could be transmitted as unencrypted text depending on the setup.
Can Box please remove email MFA option for us? Also it will be great if FIDO option can be enabled for external users.
Thanks,