cPanel - Security - Two-Factor Authentication
Two-Factor Authentication (2FA) for cPanel
Two-Factor Authentication (2FA) adds an extra layer of security by requiring two forms of identification. After entering your password, you’ll need a six-digit code from an app on your smartphone. Without this code, you can’t log in.
Note: Your hosting provider must enable 2FA in WHM for this feature to work.
How 2FA Works:
- Tracks authentication across all open browser windows. Logging out in one will log you out of the others.
This can also be enabled for **Webmail**.
Requirements:
- A smartphone with a TOTP (Time-Based One-Time Password) app. Recommended apps:
Google Authenticator™
Duo Mobile
Set Up 2FA
1. Click **Set Up Two-Factor Authentication** in cPanel.
2. Link your 2FA app:
- **Scan the QR code** (automatic), or
- **Enter the Account & Key manually** (manual setup).
3. Enter the six-digit code generated by your app before it expires.
4. Click **Configure Two-Factor Authentication**.
Tip: If you receive a “security code is invalid” error, your server's date/time may be off: contact your hosting provider.
Disable 2FA
Click **Remove Two-Factor Authentication**.
Reconfigure 2FA
Click **Reconfigure** to set up 2FA again.
This will overwrite the current setup, making old codes invalid.
Lost Access to Your 2FA App
Contact your system administrator to disable 2FA so you can regain access and reconfigure it.
Related cPanel Tutorials and How To Guides
A beginners guide to cPanel Step by step tutorials
Tweet Share Pin Email
Add Comment
This policy contains information about your privacy. By posting, you are declaring that you understand this policy:
- Your name, rating, website address, town, country, state and comment will be publicly displayed if entered.
- Aside from the data entered into these form fields, other stored data about your comment will include:
- Your IP address (not displayed)
- The time/date of your submission (displayed)
- Your email address will not be shared. It is collected for only two reasons:
- Administrative purposes, should a need to contact you arise.
- To inform you of new comments, should you subscribe to receive notifications.
- A cookie may be set on your computer. This is used to remember your inputs. It will expire by itself.
This policy is subject to change at any time and without notice.
These terms and conditions contain rules about posting comments. By submitting a comment, you are declaring that you agree with these rules:
- Although the administrator will attempt to moderate comments, it is impossible for every comment to have been moderated at any given time.
- You acknowledge that all comments express the views and opinions of the original author and not those of the administrator.
- You agree not to post any material which is knowingly false, obscene, hateful, threatening, harassing or invasive of a person's privacy.
- The administrator has the right to edit, move or remove any comment for any reason and without notice.
Failure to comply with these rules may result in being banned from submitting further comments.
These terms and conditions are subject to change at any time and without notice.
What is SSI? How To Use Server Side Includes
What Is Softaculous. The Best Automatic Script Installer
What is the Difference Between Magento and PrestaShop
What are The Best Self-Hosted Forums Programs, Scripts or Apps?
Comments