For cPanel & WHM version 64
(Home >> Security >> Two-Factor Authentication)
Overview
Two-factor authentication (2FA) is an improved security measure that requires two forms of identification: your password and a generated security code. With 2FA enabled, an application on your smartphone supplies a code that you must enter with your password to log in. Without your smartphone, you cannot log in.
Note:
Two-factor authentication requires a smartphone with a supported time-based one-time password (TOTP) app. We suggest the following apps:
- For Android, iOS, and Blackberry — Google Authenticator
- For Android and iOS — Duo Mobile
- For Windows Phone — Authenticator
Configure two-factor authentication
To configure two-factor authentication, perform the following steps:
- Click Set Up Two-Factor Authentication.
- To configure two-factor authentication, you must link your cPanel account and your 2FA app:
- To automatically create the link, scan the displayed QR code with your app.
- To manually create the link, enter the provided Account and Key information in your app.
-
Open your 2FA app to retrieve the six-digit security code.
Note:
The 2FA app generates a new six-digit security code for your cPanel account every 30 seconds.
-
Enter the six-digit security code in the Security Code text box.
Note:
You must enter the security code within 30 seconds. After time expires, the app will generate a new six-digit code.
-
Click Configure Two-Factor Authentication.
Note:
If you see a Failed to set user configuration: The security code is invalid. error, a problem may exist with the date and time settings on your server. To fix the issue, contact your hosting provider or system administrator.
Remove two-factor authentication
To remove two-factor authentication, click Remove Two-Factor Authentication.
Reconfigure two-factor authentication
To reconfigure two-factor authentication, click Reconfigure. Follow the steps to configure two-factor authentication.
Warning:
If you reconfigure 2FA for your account, any existing configurations will no longer produce valid security codes.