Skip to content

Anonymous

My feedback

1 result found

  1. 7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Anonymous commented  · 

    The whole purpose of MFA is to add more security to whatever the MFA is connected to. Currently Box does not require users to be prompted again for MFA once they have signed in successfully to that browser. This browser is now trusted until the cache is cleared. I believe there should be multiple options for MFA in which it can be kept like it is now or at least give admins the option to set it to every time, or after a certain amount of hours/days pass. Leaving it as it is now doesn't leaves the users box data vulnerable is a malicious actor gets onto their the users trusted machine and knows their box password. I know that would be a lot to have just those two but then the thing that should keep the malicious actor out is the MFA. This is even more important when it comes to clients with HIPPA compliance. Please make this happen.

    Anonymous supported this idea  · 

Feedback and Knowledge Base