In early 2021, Box added support for time-based one-time passwords (TOTP) as a second factor for authentication. Currently, end users can choose whether they want SMS or TOTP as their second factor. Given the stronger security provided by TOTP, admins want more control over this and with the update, admins will be able to enforce that all their external collaborators have to use TOTP.
You can find more information here.