This guide will take you through enabling two-factor authentication for your Brightbox user account.
Conventional username and password authentication is susceptible to password stealing, such as phishing attacks which trick a user into logging into a fake site and steal their credentials.
Two-factor authenticaton, also known as 2FA, protects you these kinds of issues by requiring an additional single-use code to log in, usually generated by an app on your phone.
You will need a Time-based One-Time Password (TOTP) generator such as Google Authenticator or FreeOTP.
Setup your two-factor application
Firstly, log in to Brightbox Manager as usual with your email address and password.
Then click the user menu up at the top right and select
Then click the
Setup Two-factor Auth button and you’ll be presented with
a QR barcode which you should scan with your TOTP generator app.
Scan the QR and a new entry should appear in your app labelled “Brightbox”. Tap
the entry to get your first code, which will be a six digit number, and enter it
into the box in Brightbox Manager and click
Two-factor authentication is now enabled.
Save your backup codes
You’re now given five backup codes for use recovering access if you ever lose the ability to generate new one-time codes. Each backup code can be used only once and you cannot create any more of them, so once you’ve recovered access you should immediately reconfigure two-factor authentication with a new device.
This is the only time the backup codes are ever displayed to you, so note them down and store them securely, like you would a password.
Logging in with two-factor authentication
Different tools support two-factor authencation in different ways.
Tools that natively support two-factor will prompt you for your code explicitly.
Brightbox Manager and the Brightbox CLI natively supports two-factor authentication so after logging in as usual with your email and password you’ll then be prompted for your two-factor code before you can continue.
You’ll then only need to enter a new code if your session expires (usually a few hours) or after you explicitly log out.
Two-factor code in your password field
You can also provide your two-factor code up-front, as part of your password. This works with any existing tool that already works with Brightbox.
Enter your email address as your username as usual, then for the password enter
your password with a two-factor code tagged on the end separated by a
Email: firstname.lastname@example.org Password: mypassword+123456
If the tool properly supports Brightbox OAuth authentication and caches the OAuth token, then you’ll only need to enter a code when your session expires (usually a couple of hours). Otherwise you’ll need to provide a new code every time you run the tool. That can be tiresome so instead you can use Temporary access tokens as your password.
Temporary access tokens
Temporary access tokens are randomly generated passwords for your user that expire after a couple of hours. You can use them in place of your password to login with any tool that doesn’t support two-factor authentication.
You can obtain a temporary access token using the Brightbox CLI:
$ brightbox token create --format=token dd02c7c2232759874e1c205587017b9d99d9ddee
That token can then be used with other tools as the password:
Email: email@example.com Password: dd02c7c2232759874e1c205587017b9d99d9ddee