MFA not required after initial setup/login
I will be setting up MFA for all of our users of BOX
I setup my account first, setup my google authenticator, then typed the code.
I then logged out, and logged back in again, and it DID NOT PROMPT me to type MFA again.
I used the 'chat feature' here on box, and was told that this is a 'feature' of how box uses MFA, and that it will cache it indefinitely for the user on their browser.
I see this as a security risk, and how it goes against usage of MFA to validate it is the actual user.
Is there a way to get this fixed so we actually use MFA to validate the user?
Post is closed for comments.
Comments
3 comments