Skip to main content
Question

2 Factor Authentication is a step backwards for security

  • May 22, 2025
  • 1 reply
  • 19 views
C
Forum|alt.badge.img

Cell phones are PERSONAL devices, not BUSINESS devices... why is Box requiring a cell phone be used to accomplish 2 factor authentication?  Box needs to allow authentication programs that can be installed on the desktop computer.

Look at Symantec Validation & ID Protection program "VIP Access"

Also Box will not call me to address this... received a few emails but they do not understand the issue... after several days of trading emails.

I am ready to drop Box over this... and I hope to convince many other large clients to do the same until Box fixes this.

 

    1 reply

    C
    Forum|alt.badge.img

    Hi Douglas,

    Welcome to the Box Community!

    I'm sorry for the confusion and phone support request is only available for business accounts and higher.

    I see that we’ve already addressed your concern via ticket #2621631 but let me explain further.

    Why is Box requiring a cell phone be used to accomplish 2 factor authentication? If your organization does not use single sign-on (SSO) for authentication, Box enables users to set up 2-factor authentication for their accounts. The first factor is a password. The second factor is a one-time password (OTP), which is the possession factor, and users can choose SMS or authenticator apps for their second factor.

    • SMS is short message service, the text messaging you use on your phone, and receives one-time passwords created from a secure random generator.

    "VIP Access" app that you are choosing for 2FA is not recommended. Box 2FA supports authenticator apps that are compliant with the TOTP (time-based one-time password) algorithm, which is defined by the Internet Engineering Task Force specification, IETF-6238. Applications that follow this specification include Google Authenticator, Microsoft Authenticator, Authy, Duo, and LastPass, however, your administrator may require that you use a specific TOTP-compliant authenticator app.

    Checking further with "VIP Access" that this can either be accessed through phone app also or desktop app. 

    Best,

     

     

    Terms of ServiceAccessibility statement