Page tree
Skip to end of metadata
Go to start of metadata

For cPanel & WHM version 60

(Home >> Security >> Two-Factor Authentication)

Overview

Two-factor authentication (2FA) is an improved security measure that requires two forms of identification: your password and a generated security code. With 2FA enabled, an application on your smartphone supplies a code that you must enter with your password to log in. Without your smartphone, you cannot log in.

Note:

Two-factor authentication requires a smartphone with a supported time-based one-time password (TOTP) app. We suggest the following apps:

Configure two-factor authentication

To configure two-factor authentication, perform the following steps:

  1. Click Set Up Two-Factor Authentication.
  2. To configure two-factor authentication, you must create a "link" between your cPanel account and your 2FA app: 
    • To automatically create the link, scan the displayed QR code with your app.
    • To manually create the link, enter the provided Account and Key information into your app.
  3. Open your 2FA app to retrieve the six-digit security code.

    Note:

     The 2FA app generates a new six-digit security code for your cPanel account every 30 seconds.

  4. Enter the six-digit security code in the Security Code text box.

    Note:

    You must enter the security code within 30 seconds. After time expires, the app will generate a new six-digit code.

  5. Click Configure Two-Factor Authentication.

    Note:

    If you see a Failed to set user configuration: The security code is invalid. error, a problem may exist with the date and time settings on your server. To fix the issue, contact your hosting provider or system administrator.

Remove two-factor authentication

To remove two-factor authentication, click Remove Two-Factor Authentication.

Reconfigure two-factor authentication

To reconfigure two-factor authentication, click Reconfigure. Follow the steps to configure two-factor authentication.

Warning:

If you reconfigure 2FA for your account, any existing configurations will no longer produce valid security codes.

In This Document

Related Documentation

There is no content with the specified labels

For Hosting Providers

There is no content with the specified labels