How do I setup Two-Factor Authentication (2FA) on my cPanel account
What is Two-Factor Authentication (2FA)?
Two-factor authentication adds an additional layer of security to your cPanel account by adding a second step to your login.
In addition to something you know (i.e. your existing password) it adds what is known as a possession, or second factor - based on something you possess - which in this case will be an App on your mobile phone or desktop.
Since both are required to log in, even if an attacker has your password they can't access your account unless they also possess your phone or authentication app.
Why is Two-Factor Authentication necessary?
Passwords are often compromised when mobile devices or computers are stolen or infected with malware - or when insecure networks are used to retrieve passwords by email. They can often be guessed, they usually don't change very often, and despite advice otherwise, many of us have favourite passwords that we use for more than one thing. So 2FA gives you additional security because your password alone no longer allows access to your account
You'll need a 2FA app; we tested and like Authy (external link opens in a new window) - which has versions for iPhone & Android devices as well as desktop versions for Mac & PC and a Chrome browser extension.
- You'll need to be logged in to your cPanel and have a 2FA app like Authy (external link opens in a new window) installed before you'll be able to complete this process.
- Click Two-Factor Authentication within the Security section of cPanel
- Click on Set Up Two-Factor Authentication.
- You'll now see the Two-Factor Authentication setup screen - this has two steps.
Firstly you'll need to add a new account to your 2FA app.
Open your 2FA app and follow the app's instructions to add a new account. Authy have instructions for adding a new account (external link opens in a new window) on different devices.
- Once you've scanned the barcode, or added the account manually, the new account should appear in your app and begin generating One-Time Password (OTP) codes.
The second step is to enter a valid code from your 2FA App and click Configure Two-Factor Authentication.
- You'll now see a message confirming 2FA has been configured
- Returning to the Two-Factor Authentication setup screen will now show options to reconfigure 2FA or to remove it
Remove two-factor authentication
Clicking the Remove Two-Factor Authentication button will prompt to confirm removal and 2FA will be disabled.
Unable to create a 2FA code or use a backup code
If you're unable to generate a 2FA code - maybe you've changed phones or no longer have access to the 2FA - and you don't have access to your backup code you'll need to contact support and supply the required ID and we will disable it for you.