2 Factor Authentication is a step backwards for security
Cell phones are PERSONAL devices, not BUSINESS devices... why is Box requiring a cell phone be used to accomplish 2 factor authentication? Box needs to allow authentication programs that can be installed on the desktop computer.
Look at Symantec Validation & ID Protection program "VIP Access"
Also Box will not call me to address this... received a few emails but they do not understand the issue... after several days of trading emails.
I am ready to drop Box over this... and I hope to convince many other large clients to do the same until Box fixes this.
Welcome to the Box Community!
I'm sorry for the confusion and phone support request is only available for business accounts and higher.
I see that we’ve already addressed your concern via ticket #2621631 but let me explain further.
Why is Box requiring a cell phone be used to accomplish 2 factor authentication? If your organization does not use single sign-on (SSO) for authentication, Box enables users to set up 2-factor authentication for their accounts. The first factor is a password. The second factor is a one-time password (OTP), which is the possession factor, and users can choose SMS or authenticator apps for their second factor.
- SMS is short message service, the text messaging you use on your phone, and receives one-time passwords created from a secure random generator.
"VIP Access" app that you are choosing for 2FA is not recommended. Box 2FA supports authenticator apps that are compliant with the TOTP (time-based one-time password) algorithm, which is defined by the Internet Engineering Task Force specification, IETF-6238. Applications that follow this specification include Google Authenticator, Microsoft Authenticator, Authy, Duo, and LastPass, however, your administrator may require that you use a specific TOTP-compliant authenticator app.
Checking further with "VIP Access" that this can either be accessed through phone app also or desktop app.
Please sign in to leave a comment.