Using Two-Factor Authentication

Two-Factor Authentication, also known as 2FA, is a two-step verification process that adds an extra layer of security to an application. It requires not only a username and password but also something, such as a piece of information or a token that only you can know. This makes it harder for potential intruders to gain access to your data.

In SiteSpect, 2FA is an optional feature. If your organization has opted to turn it on, you will be required to use it. When 2FA is turned on, you will be able to continue working in your current session; your active session will not be interrupted. However, the next time you log in to SiteSpect, you will see the following message, prompting you to set up 2FA:

Using Two-Factor Authentication

To complete 2FA setup, you'll need to locate the email sent by the SiteSpect system. In addition, you'll need to install an authenticator app, if you don't already have one. We recommend Google Authenticator, but other apps such as Authy or WinAuth will work as well.

  1. Install an authenticator app, if you don't already have one. If you haven't used an authenticator app before, see Using an Authenticator App.
  2. Locate the email mentioned in the 2FA dialog above and click on the confirm link. When you do, the following page opens:

    Using Two-Factor Authentication - Scan Your QR Code
  3. Open your authenticator app and locate its scan function. Using your mobile device and its authenticator app, scan the QR code on the screen. When you do, the app displays a Key as in the following image.

    Using Two-Factor Authentication - Authenticator
  4. Enter the Key into box number 3 in step 2 above and click Log in.
  5. Next, SiteSpect prompts you for your standard username and password. Enter those.

The next time you log in to SiteSpect, it prompts you for your token (key) with the following image:

Using Two-Factor Authentication - Enter Your Verification Code

Once again, you'll have to check the authenticator app on your mobile device to get the most recent code and enter it in the token field.

Note: Once you've scanned the QR code, your app will remember it. You can go back to the app at a later time and find that it still knows about SiteSpect. The Key changes every 30 seconds, or an interval set by your app. The authenticator app remembers SiteSpect even if you close and reopen it.

Select Remember This Device and SiteSpect will store the device. The next time you log in from this device, you will not have to enter a token. SiteSpect remembers the device for the number of days set by your admin.

Using an Authenticator App

If you have never used an authenticator app, you may find the following instructions helpful. Keep in mind that these instructions are generic and don't cover specific steps for a given authenticator. For step-by-step instructions for your chosen authenticator, check out its documentation.

Authenticator apps help to add a layer of security to your login credentials. They run on mobile devices and help implement Two-Factor Authentication (2FA) services using a one-time password (or key) that authenticates users of software programs that have 2FA enabled, such as SiteSpect. Users must provide the key in addition to their SiteSpect username and password when logging in. SiteSpect remembers the key for a specified number of days, which an admin sets while enabling 2FA.

This is how you'll use your authenticator app with SiteSpect:

  1. When you get to the page that contains a QR code (step 2 above), launch the authenticator app on your mobile device.
  2. Find the QR scanning function of your app and use it to scan the QR code right from your computer screen, an example of which is displayed in step 2 above.
  3. Your authenticator displays a key. That key is time-limited and only known to you. If you wait too long to use it, it may expire and you'll have to get a new key.
  4. Use the key to complete the field in box 3 of the Scan Your QR Code page above.

Managing Trusted Devices

If you find that one of your devices is no longer a trusted device, you can ask SiteSpect to forget that device. To do so:

  1. Select Your Profile from the Your Account menu in the upper right corner of the page.
  2. Select the Security tab as shown in the following image.

    Using Two-Factor Authentication - Managing Trusted Devices
  3. Click the X in the same row as the device to remove it from the list.

The next time a user tries to log in with a “forgotten” device, SiteSpect asks the user to enter the Key again.

How do I set up a new phone?

To set up a new phone, contact the SiteSpect Help Desk or +1-844-859-1900 to reset your Secret Key. When the Secret Key is reset, you will receive an email with instructions to setup 2FA on your new phone.

I can't login with 2FA; what should I do?

Contact the SiteSpect Help Desk or +1-844-859-1900 to disable 2FA for your account. The next time you try to log in, SiteSpect will not ask you to use 2FA.