To enable 2-factor authentication for your individual account:
- Click on your initials in the top-right corner of the page, and select Account Settings.
- Under the Account tab, scroll to find the Authentication section.
- Check the box for Require 2-step verification to protect your account. Box prompts you for your phone number to enable 2FA.
Box offers SMS (text message) as the second authentication factor, and the following countries support this method as of September 2019:
Africa and Middle East: Algeria, Angola, Bahrain, Benin, Botswana, Burkina Faso, Burundi, Cameroon, Cape Verde, Central Africa, Chad, Comoros, Congo, Djibouti, DR Congo, Equatorial Guinea, Ethiopia, Eritrea, Gabon, Gambia, Ghana, Guinea, Guinea-Bissau, Iran, Iraq, Israel, Ivory Coast, Lebanon, Lesotho, Liberia, Libya, Madagascar, Malawi, Mali, Mauritania, Mauritius, Morocco, Mozambique, Namibia, Niger, Nigeria, Reunion/Mayotte, Rwanda, Sao Tome and Principe, Senegal, Seychelles, Sierra Leone, Somalia, South Africa, South Sudan, Sudan, Swaziland, Syria, Togo, Tunisia, Uganda, Yemen, Zambia, Zimbabwe
Asia: Afghanistan, Azerbaijan, Bangladesh, Bhutan, Brunei, Cambodia, China, East Timor, Georgia, Hong Kong, India, Japan, Korea Republic of, Kyrgyzstan, Laos PDR, Macau, Malaysia, Maldives, Mongolia, Myanmar, Nepal, Pakistan, Singapore, Sri Lanka, Taiwan, Tajikistan, Turkmenistan, Uzbekistan
Europe: Albania, Andorra, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Denmark, Estonia, Faroe Islands, Finland, France, Germany, Gibraltar, Greece, Greenland, Guernsey, Hungary, Iceland, Ireland, Italy, Jersey, Latvia, Liechtenstein, Lithuania, Luxembourg, Macedonia, Malta, Moldova, Monaco, Montenegro, Netherlands, Netherlands Antilles, Norway, Poland, Portugal, Romania, San Marino, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Ukraine, United Kingdom
North America: Anguilla, Antigua and Barbuda, Aruba, Bahamas, Barbados, Belize, Bermuda, Canada, Cayman Islands, Costa Rica, Cuba, Dominica, Dominican Republic, El Salvador, Grenada, Guadeloupe, Guatemala, Haiti, Honduras, Jamaica, Martinique, Mexico, Montserrat, Nicaragua, Panama, Puerto Rico, St Kitts and Nevis, St Lucia, St Pierre and Miquelon, St Vincent Grenadines, Trinidad and Tobago, Turks and Caicos Islands, United States, Virgin Islands, British, Virgin Islands, U.S.
Oceania: American Samoa, Australia, Cook Islands, Fiji, French Polynesia, Guam, Marshall Islands, Micronesia, New Caledonia, New Zealand, Norfolk Islands, Niue, Palau, Papua New Guinea, Samoa, Solomon Islands, Tonga, Tuvalu, Vanuatu
South America: Argentina, Bolivia, Brazil, Chile, Colombia, Ecuador, Falkland Islands, French Guiana, Guyana, Paraguay, Peru, Suriname, Uruguay, Venezuela
If you're locked out of your account
If you find yourself locked out of your account due to a changed phone number, or for some other reason cannot access the confirmation codes sent to your mobile device, please contact your primary admin, who can disable 2FA on your account. Business Plus and Enterprise admins can use the instant login feature in the Admin Console to disable 2FA in a user's Account Settings.
If you are in a Personal, Starter or Business account, please reach out to Box Product Support for assistance.