Home > Help Center > Shared Hosting > Control Panel > How to use Two Factor Authentication in cPanel

How to use Two Factor Authentication in cPanel

Two-factor authentication (TFA) is an improved security measure that requires two forms of identification: your password and a generated security code.

With TFA enabled, an application on your smartphone supplies a code that you must enter with your password to log in. Without your smartphone, you cannot log in.

Two-factor authentication requires a smartphone with a supported time-based one-time password (TOTP) app. We suggest the following apps:

  • For Android, iOS, and Blackberry — Google Authenticator
  • For Android and iOS — Duo Mobile
  • For Windows Phone — Authenticator

In our example we'll use Google Authenticator.

Complete instructions on how to install and setup the app can be found in this article: Install Google Authenticator

cpanel two factor authentication

Login your cPanel > Security and click Two-Factor Authentication link:

cpanel two factor authentication

Configure two-factor authentication

Click Set Up Two-Factor Authentication:

cpanel two factor authentication

To configure two-factor authentication, you must link your cPanel account and your TFA app:

  • Automatically - create the link, scan the displayed QR code with your app.
  • Manually - create the link, enter the provided Account and Key information in your app.

cpanel two factor authentication

Open your TFA app to retrieve the six-digit security code:

cpanel two factor authentication

Note: The TFA app generates a new six-digit security code for your cPanel account every 30 seconds.

You must enter the security code within 30 seconds. After time expires, the app will generate a new six-digit code.

Enter the six-digit security code in the Security Code text box:

cpanel two factor authentication

Click Configure Two-Factor Authentication.

Note: If you see a Failed to set user configuration: The security code is invalid. error, a problem may exist with the date and time settings on your server. To fix the issue, contact your hosting provider or system administrator.

Remove Two-Factor Authentication

To remove two-factor authentication, click Remove Two-Factor Authentication and confirm that you want to remove it:

cpanel two factor authentication

A confirmation message will appear:

cpanel two factor authentication

To reconfigure two-factor authentication, click Reconfigure. Follow the steps to configure two-factor authentication. If you reconfigure TFA for your account, any existing configurations will no longer produce valid security codes.

Let's see how Two-Factor Authentication works. You are logging in your cPanel as usual with username and password:

cpanel two factor authentication

But instead to log you in the cPanel opens a second login screen where you must enter the six-digit code generated by Google Authenticator:

cpanel two factor authentication

Enter the code in the text box and click Continue:

cpanel two factor authentication

Welcome to your cPanel Home.

#security

Still not finding what you're looking for?

Contact our support team with any additional questions or concerns.

Contact support