As part of Box's continuous investment in security, we are enhancing our authentication infrastructure by transitioning to a more secure form of tokens. This change is designed to better protect your account and content with an additional layer of security, and will be rolling out starting with Box Drive, with other Box native applications (I.e., Box Sign, Box Relay, etc.) to follow.
Our platform has always issued authentication tokens as part of our secure credential management framework. We are now advancing this framework by moving to session-bound tokens, where credentials are tied to a specific authenticated session. Not only does this allow for tokens to expire when a session ends or reaches its maximum duration, but also since these tokens are session-bound, token management becomes more centralized, allowing for a consistent point of control. This builds on the strong authentication controls already in place at Box, further strengthening the lifecycle management of credentials.
This enhancement is implemented at the infrastructure level and will take effect automatically, will not affect session settings nor will require any customer action. The initial roll-out will only apply to Box Drive versions 2.49 and above, previous versions will take effect at later dates.
If you have any questions or concerns about how this change affects your Box experience, please contact your account team.