As part of Box’s ongoing efforts to protect our customers against account takeover threats, we are rolling out a new tool that allows enterprises to detect user credentials that were exposed as part of a breach and require that they be updated before the user can access Box content. This new tool supports frictionless security and compliance for our customers by ensuring the integrity of user credentials.
Identity remains one of the most critical components of your content security strategy, and being able to trust that a user account is being used by its owner, and not by a bad actor with stolen credentials, is essential to responsible and secure collaboration. Our exposed password detection tool addresses a common issue: employees reusing the same credentials (email + password) for their Box account and a number of personal applications. If one of those other applications is compromised, bad actors now in possession of those credentials will test them against many other applications, which can lead to a data breach.
If admins choose to enable this new feature, Box will compare external user credentials to a list of known compromised credentials, and automatically notify the user and block access if they are using compromised credentials. The user will then be required to update their password before being granted access to the Box content they were collaborating on.
This is currently in place only for external users accessing a Box account set to require strong passwords. It will be available to Enterprise accounts and above.
To learn more about the Box Admin Console, look here.