The whole purpose of MFA is to add more security to whatever the MFA is connected to. Currently Box does not require users to be prompted again for MFA once they have signed in successfully to that browser. This browser is now trusted until the cache is cleared. I believe there should be multiple options for MFA in which it can be kept like it is now or at least give admins the option to set it to every time, or after a certain amount of hours/days pass. Leaving it as it is now doesn't leaves the users box data vulnerable is a malicious actor gets onto their the users trusted machine and knows their box password. I know that would be a lot to have just those two but then the thing that should keep the malicious actor out is the MFA. This is even more important when it comes to clients with HIPPA compliance. Please make this happen.
Anonymous
The whole purpose of MFA is to add more security to whatever the MFA is connected to. Currently Box does not require users to be prompted again for MFA once they have signed in successfully to that browser. This browser is now trusted until the cache is cleared. I believe there should be multiple options for MFA in which it can be kept like it is now or at least give admins the option to set it to every time, or after a certain amount of hours/days pass. Leaving it as it is now doesn't leaves the users box data vulnerable is a malicious actor gets onto their the users trusted machine and knows their box password. I know that would be a lot to have just those two but then the thing that should keep the malicious actor out is the MFA. This is even more important when it comes to clients with HIPPA compliance. Please make this happen.