As part of Box’s ongoing efforts to protect our customers against account takeover threats, we will be rolling out a new tool that allows enterprises to detect user credentials that were exposed as part of a breach and require that they be updated before the user can access Box content. This new tool supports frictionless security and compliance for our customers by ensuring the integrity of user credentials.
Identity remains one of the most critical components of your content security strategy, and being able to trust that a user account is controlled by its owner, and not by a bad actor with stolen credentials, is essential to responsible and secure collaboration. Our exposed password detection tool addresses a common issue: employees reusing the same credentials (email + password) across a number of personal applications as well as their Box account. If one of those other applications is compromised, bad actors now in possession of those credentials will test them against many other applications, which can lead to a data breach.
To help protect our customers, we are releasing a new toggle within the admin console that compares external user credentials to a list of known compromised credentials, and automatically notifies the user and blocks access if they are using potentially compromised credentials. The user will be required to update their password before being granted access to the Box content they were collaborating on.
This is currently in place only for external users accessing a Box account set to require strong passwords. It will be available to Enterprise accounts and above.
To learn more about the Box Admin Console, look here.