
2 Factor Authentication is a step backwards for security



1 comment

  • AJ

    Hi Douglas,

    Welcome to the Box Community!

    I'm sorry for the confusion; phone support requests are only available for business accounts and higher.

    I see that we’ve already addressed your concern via ticket #2621631 but let me explain further.

    Why is Box requiring a cell phone be used to accomplish 2 factor authentication? If your organization does not use single sign-on (SSO) for authentication, Box enables users to set up 2-factor authentication for their accounts. The first factor is a password. The second factor is a one-time password (OTP), which is the possession factor, and users can choose SMS or authenticator apps for their second factor.

    • SMS is short message service, the text messaging you use on your phone, and receives one-time passwords created from a secure random generator.

    The "VIP Access" app that you are choosing for 2FA is not recommended. Box 2FA supports authenticator apps that are compliant with the TOTP (time-based one-time password) algorithm, which is defined by the Internet Engineering Task Force specification, IETF-6238. Applications that follow this specification include Google Authenticator, Microsoft Authenticator, Authy, Duo, and LastPass; however, your administrator may require that you use a specific TOTP-compliant authenticator app.

    Checking further on "VIP Access", it can be accessed through either a phone app or a desktop app.





Post is closed for comments.