Version 70 Documentation
Child pages
  • Two-Factor Authentication for cPanel
For cPanel & WHM version 70
Skip to end of metadata
Go to start of metadata

(cPanel >> Home >> Security >> Two-Factor Authentication)

Overview

Two-factor authentication (2FA) is an improved security measure that requires two forms of identification: your password and a generated security code. With 2FA enabled, an application on your smartphone supplies a code that you must enter with your password to log in. Without your smartphone, you cannot log in.

Note:

Two-factor authentication requires a smartphone with a supported time-based one-time password (TOTP) app. We suggest the following apps:

Enable two-factor authentication

To use this feature, your system administrators must enable it for you. Ask them to perform the following steps in WHM:

  1. Set the Two-Factor Authentication Security Policy toggle to On in WHM's Two-Factor Authentication interface (WHM >> Home >> Security >> Two-Factor Authentication).
  2. Grant the Two-Factor Authentication (Google Authenticator) feature to the desired users in WHM's Feature Manager interface (WHM >> Home >>  Packages >> Feature Manager).

Configure two-factor authentication

To configure two-factor authentication, perform the following steps:

  1. Click Set Up Two-Factor Authentication.
  2. To configure two-factor authentication, you must link your cPanel account and your 2FA app: 
    • To automatically create the link, scan the displayed QR code with your app.
    • To manually create the link, enter the provided Account and Key information in your app.

  3. Open your 2FA app to retrieve the six-digit security code.

    Note:

     The 2FA app generates a new six-digit security code for your cPanel account every 30 seconds.

  4. Enter the six-digit security code in the Security Code text box.

    Note:

    You must enter the security code within 30 seconds. After time expires, the app will generate a new six-digit code.

  5. Click Configure Two-Factor Authentication.

    Note:

    If you see a Failed to set user configuration: The security code is invalid. error, a problem may exist with the date and time settings on your server. To fix the issue, contact your hosting provider or system administrator. 

Remove two-factor authentication

To remove two-factor authentication, click Remove Two-Factor Authentication.

Reconfigure two-factor authentication

To reconfigure two-factor authentication, click Reconfigure. Follow the steps to configure two-factor authentication.

Warning:

If you reconfigure 2FA for your account, any existing configurations will no longer produce valid security codes.

In This Document

Related Documentation

For Hosting Providers

cPanel, WebHost Manager, and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers. ®2019 All rights reserved.