Skip to main content
Question

MFA not required after initial setup/login

  • May 22, 2025
  • 3 replies
  • 31 views
C
Forum|alt.badge.img

I will be setting up MFA for all of our users of BOX

I setup my account first, setup my google authenticator, then typed the code.

I then logged out, and logged back in again, and it DID NOT PROMPT me to type MFA again.

I used the 'chat feature' here on box, and was told that this is a 'feature' of how box uses MFA, and that it will cache it indefinitely for the user on their browser.

I see this as a security risk, and how it goes against usage of MFA to validate it is the actual user.

Is there a way to get this fixed so we actually use MFA to validate the user?

    3 replies

    C
    Forum|alt.badge.img

    I am also having this issue, though I haven't spoken to support about it yet. This defeats the entire point of MFA..

    C
    Forum|alt.badge.img

    Having the same issue with my usual browser (Chrome), I downloaded Mozilla/Firefox and tested it from there and it did invoke box's MFA/2FA.  I agree that enforcement in Chrome seemed rather lax compared to MFA that I use with other applications.   

    C
    Forum|alt.badge.img

    Clearing Chome's cache and then logging into box also caused box's MFA to invoke for me.

    Terms of ServiceAccessibility statement