

What is two-factor authentication?

Two-factor authentication (2FA) is a method of authentication where you need to complete two steps successfully in order to gain access to something.


In Sitebox the first step is filling in your username and password.

For the second step, you can choose between TOTP (Time-based One-time Password algorithm), or FIDO2 (Fast IDentity Online).


TOTP is a single-use code that is only valid for a short time. The code is generated by an app for your smartphone or tablet. The apps that can be used for Sitebox are Microsoft Authenticator or Google Authenticator.


FIDO2 uses a physical key. This is a small piece of hardware that may look like a USB-stick you can stick into the USB port of your laptop or computer. While some FIDO-keys are usable through Bluetooth or NFC (Near Field Communication), Sitebox requires your key to use the USB port of your laptop or computer.

Two-factor authentication can be set up for logging into Sitebox as a Sitebox user, as well as for visitors in order to gain access to the protected parts of your website.



Default 2FA settings

We can enable 2FA as a default setting for your Sitebox. This can be done for Sitebox users and visitors separately.


When we enable 2FA as a default setting, it will be activated for all existing and new login accounts. Your users/visitors or you as administrator will not be able to turn off the setting yourself.


Would you like us to enable 2FA as default for all Sitebox users and/or visitors? Contact us at helpdesk@care.nl, or through our contact form.



How to enable or disable 2FA as an Administrator

If 2FA is not enabled as default, the administrator can enable or disable it on a per-user/visitor basis.

Select the user or visitor and click the 'edit' action button on the right-hand side of the module. You will find the settings on the tab 'Two factor authentication'.


screenshot of the module Sitebox users


There are three settings:


  • Forcibly enable 2FA: The user/visitor cannot disable the settings by themselves:

    screenshot of the 2FA settings for forcibly enabled
  • Enable 2FA: The user/visitor can disable or enable the settings by themselves:

    screenshot of the 2FA settings for enabled
  • Disable 2FA: The user/visitor can disable or enable the settings by themselves:

    screenshot of the 2FA settings for disabled


When 2FA is first enabled, the user/visitor will receive an e-mail with a 6-digit code upon their first login. This code can be used to gain access.


As soon as the user/visitor sets up their authenticator, the e-mails will stop being sent. Either the app will generate the code, or the FIDO-key will grant them access.


Should the user/visitor be unable to use their authenticator for any reason, you as the administrator still have the ability to override their authenticator and help them log in. You can do this by checking the box next to 'Recovery mode'. They will receive an authentication code by e-mail the next time they log in. Once the user/visitor is logged in, they can reset their authenticator themselves.


Recovery mode can also be used when 2FA is enabled by default.


screenshot of the 2FA settings for enabled by default


Recovery mode will be disabled automatically once the user/visitor has logged in.



How to enable or disable 2FA as a Sitebox user

If 2FA is not mandatory, you as a Sitebox user have the choice to enable or disable it for your own account.


Choose 'My Profile' under the 'Sitebox' header.

screenshot of the menu under the Sitebox header
In the pop-up, just under the password settings, you will find the settings for two-factor authentication. When 2FA is mandatory, you only have the option to set up your authenticator with 'Key management'. Otherwise, you will have the option to enable or disable 2FA.

screenshot of my profile



Set up your Authenticator

For two-factor authentication, you can choose between TOTP (Time-based One-time Password algorithm), or FIDO2 (Fast IDentity Online).


  • TOTP is a single-use code that is only valid for a short time. The code is generated by an app for your smartphone or tablet. The apps that can be used for Sitebox are Microsoft Authenticator or Google Authenticator.
    To link your authenticator to your Sitebox user account, you first have to download the app you wish to use. You can find more information on both apps here:



    Once you've installed the app, choose 'My Profile' under the 'Sitebox' header.

    screenshot of the menu under the Sitebox header
    In the pop-up, just under the password settings, you will find the settings for two-factor authentication. When 2FA is mandatory, you only have the option to set up your authenticator with 'Key management'. Otherwise, you will have the option to enable or disable 2FA.

    screenshot of my profile
    Click 'Key management' and then click 'Add new key'.

    screenshot of add new key
    Click TOTP (Google Authenticator / Microsoft Authenticator)

    screenshot of choose authentication method
    Open your authenticator app and add a new account. Scan the QR-code and wait till the app shows you a 6-digit code. Enter the code in the pop-up screen and click 'validate'.

    screenshot of validation screen TOTP
    When you've entered a valid code, the validation screen will close. You can set up more than one authentication method. Click 'OK' when you're done and close your profile.

    screenshot of added keys TOTP

  • FIDO2 uses a physical key. This is a small piece of hardware that may look like a USB-stick you can stick into the USB port of your laptop or computer. While some FIDO-keys are usable through Bluetooth or NFC (Near Field Communication), Sitebox requires your key to use the USB port of your laptop or computer.

    Choose 'My Profile' under the 'Sitebox' header.

    screenshot of the menu under the Sitebox header
    In the pop-up, just under the password settings, you will find the settings for two-factor authentication. When 2FA is mandatory, you only have the option to set up your authenticator with 'Key management'. Otherwise, you will have the option to enable or disable 2FA.

    screenshot of my profile
    Click 'Key management' and then click 'Add new key'.

    screenshot of add new key
    Click WebAuthn (FIDO2).

    screenshot of choose authentication method
    If you haven't inserted your FIDO key, the pop-up screen will ask you to do so. Once you have, you will be asked to enter your password. The final step is to touch your security key in the correct area.


    Once you've completed all the steps, the validation screen will close. You can set up more than one authentication method. Click 'OK' when you're done and close your profile.


