2 Factor Authentication is a step backwards for security
Cell phones are PERSONAL devices, not BUSINESS devices... why is Box requiring a cell phone be used to accomplish 2 factor authentication? Box needs to allow authentication programs that can be installed on the desktop computer.
Look at Symantec Validation & ID Protection program "VIP Access"
Also Box will not call me to address this... received a few emails but they do not understand the issue... after several days of trading emails.
I am ready to drop Box over this... and I hope to convince many other large clients to do the same until Box fixes this.
-
Hi Douglas,
Welcome to the Box Community!
I'm sorry for the confusion and phone support request is only available for business accounts and higher.
I see that we’ve already addressed your concern via ticket #2621631 but let me explain further.
Why is Box requiring a cell phone be used to accomplish 2 factor authentication? If your organization does not use single sign-on (SSO) for authentication, Box enables users to set up 2-factor authentication for their accounts. The first factor is a password. The second factor is a one-time password (OTP), which is the possession factor, and users can choose SMS or authenticator apps for their second factor.
- SMS is short message service, the text messaging you use on your phone, and receives one-time passwords created from a secure random generator.
"VIP Access" app that you are choosing for 2FA is not recommended. Box 2FA supports authenticator apps that are compliant with the TOTP (time-based one-time password) algorithm, which is defined by the Internet Engineering Task Force specification, IETF-6238. Applications that follow this specification include Google Authenticator, Microsoft Authenticator, Authy, Duo, and LastPass, however, your administrator may require that you use a specific TOTP-compliant authenticator app.
Checking further with "VIP Access" that this can either be accessed through phone app also or desktop app.
Best,
投稿コメントは受け付けていません。
コメント
1件のコメント