How to Configure and Use Two-Factor Authentication

Configure 2FA

Configuring 2FA is simple via the cPanel interface. Follow the steps below to learn how to setup two-factor authentication.

NOTE: A smartphone device is required for setting up 2FA.

NOTE: For VPS and Dedicated servers, Two-Factor Authentication will need to be enabled from WHM. Instructions for VPS/Dedicated customers are available here.

1. Log into cPanel as the user you want to configure 2FA for.

1. In the cPanel search bar, type “two“.

1. Click on the Two-Factor Authentication icon.

1. Click the Set Up Two-Factor Authentication button to proceed.

Click one of the buttons below to expand and display instructions to use the QR (Quick Response) Code or Manual Entry to configure 2FA.

Once successful, you will see the following message:

cPanel Set Up Two-Factor Authentication success message displayed.

Now that you have configured this cPanel account to use 2FA, the cPanel user will be prompted to enter the security code (generated via the smartphone app) to log into cPanel.

Use 2FA

Once you have configured a cPanel user for 2FA, after entering the correct username and password combination to log into cPanel, a new page will load which prompts the user to enter the new security code generated from the smartphone app. (used to set up 2FA). Follow the instructions below to log into cPanel, when using 2FA.

NOTE: The smartphone device (and app) used to set up 2FA, is required to log into cPanel after 2FA is configured for the cPanel user.

1. On the cPanel login page, enter the user name and password combination. Then, click the Login button.

1. Open the smartphone app to generate a new security code.

1. Enter the security code in the field labeled: “Enter the security code for {your user}”. Then, click the Continue button.

NOTE: The security code is valid for about 30 seconds. If the code is not entered within that duration of time, the smartphone app will generate a new code, rendering the old code invalid.

Remove 2FA

If for some reason you are unable to log into cPanel after enabling 2FA, you can log into cPanel through your Account Management Panel (AMP). Once logged in, you can remove 2FA for the cPanel account. The following instructions will guide you through this process.

NOTE: If you are subscribed to a Reseller Hosting plan, your Account Management Panel (AMP) will log you into cPanel as the main reseller user. In order to remove 2FA for a child cPanel account (owned by the main reseller user), you will need to login to WHM through AMP and remove Two-Factor Authentication for the cPanel user that is unable to login. You can refer to our guide on Disabling Two-Factor Authentication for Reseller Child Accounts.

1. Log into your cPanel, via your Account Management Panel (AMP).

1. In the cPanel search bar, type “two“.

1. lick on the Two-Factor Authentication icon.

1. Click on the Remove Two-Factor Authentication button.

1. Now, click on the Remove button.

Once 2FA has been removed, you will receive the following message:

cPanel Remove Two-Factor Authentication Success message highlighted.

Now that 2FA has been removed for the cPanel user, that user will no longer be prompted for a security code and can log into cPanel using simply the username and password.

Updated on November 24, 2022

Was this article helpful?

Yes No