Page tree
Skip to end of metadata
Go to start of metadata

For cPanel & WHM version 64

(Home >> Security >> Two-Factor Authentication)

Overview

Two-factor authentication (2FA) is an improved security measure that requires two forms of identification: your password and a generated security code. With 2FA enabled, an application on your smartphone supplies a code that you must enter with your password to log in. Without your smartphone, you cannot log in.

Note:

Two-factor authentication requires a smartphone with a supported time-based one-time password (TOTP) app. We suggest the following apps:

Configure two-factor authentication

To configure two-factor authentication, perform the following steps:

  1. Click Set Up Two-Factor Authentication.
  2. To configure two-factor authentication, you must link your cPanel account and your 2FA app: 
    • To automatically create the link, scan the displayed QR code with your app.
    • To manually create the link, enter the provided Account and Key information in your app.
  3. Open your 2FA app to retrieve the six-digit security code.

    Note:

     The 2FA app generates a new six-digit security code for your cPanel account every 30 seconds.

  4. Enter the six-digit security code in the Security Code text box.

    Note:

    You must enter the security code within 30 seconds. After time expires, the app will generate a new six-digit code.

  5. Click Configure Two-Factor Authentication.

    Note:

    If you see a Failed to set user configuration: The security code is invalid. error, a problem may exist with the date and time settings on your server. To fix the issue, contact your hosting provider or system administrator. 

Remove two-factor authentication

To remove two-factor authentication, click Remove Two-Factor Authentication.

Reconfigure two-factor authentication

To reconfigure two-factor authentication, click Reconfigure. Follow the steps to configure two-factor authentication.

Warning:

If you reconfigure 2FA for your account, any existing configurations will no longer produce valid security codes.

In This Document

Related Documentation

For Hosting Providers