As part of Box's continuous investment in security, we are enhancing our authentication infrastructure by transitioning to a more secure form of tokens. This change is designed to better protect your account and content with an additional layer of security, and will be rolling out starting with Box Desktop, with other Box apps to follow.
Our platform has always issued authentication tokens as part of our secure credential management framework. We are now advancing this framework by moving to session-bound tokens, where credentials are tied to a specific authenticated session. Not only does this allow for tokens to expire when a session ends or reaches its maximum duration, but also since these tokens are session-bound, token management becomes more centralized, allowing for a consistent point of control. This builds on the strong authentication controls already in place at Box, further strengthening the lifecycle management of credentials.
This enhancement is implemented at the infrastructure level and will take effect automatically, requiring no customer action. The initial roll-out applies to Box Desktop versions 2.49+.
If you have any questions or concerns about how this change affects your Box experience, please contact your account team.