As organizations face increasingly sophisticated cyber threats, maintaining robust account security without introducing unnecessary friction for users is more critical than ever. To help take another step forward in securing your organization against these threats, Box will now support physical security keys as a Multi-Factor Authentication (MFA) method.
One of the greatest risks to content security is the threat of stolen credentials. Whether compromised through a social engineering attack, such as phishing, or stolen in a data breach, the bad actor with your credentials is able to evade otherwise potent security controls by pretending to be an authorized user. Traditional MFA solutions, like email, SMS, or TOTP, can help reduce this risk, but for the most critical, sensitive content, organizations may need to take it even one step further, which is where physical security keys come in. Unlike traditional email, SMS, or TOTP codes, security keys are physically bound to your device and of significantly more resilience against compromise. By integrating this hardware-based factor, Box is empowering our admins to harden their organization’s security posture, while still maintaining a fast, reliable login experience for users.
To learn more about configuring MFA for your organization, visit our Support Page.