Password & Security

Valid for versions 108 through the latest version



Last modified: December 8, 2022


This interface allows you to update your cPanel, team owner, or team user password. A strong password helps you to secure your cPanel account.

To learn more about team owners and users, read cPanel’s Manage Team interface (cPanel » Home » Preferences » Manage Team) documentation.


Hosting providers can update a cPanel account’s password in WHM’s Password Modification interface (WHM » Home » Account Functions » Password Modification).

Change your password

To change your password, enter the desired information and click Change your password now!, or use the Password Generator feature.


You must enable Digest Authentication if you use Windows® Vista, Windows® 7, Windows® 8, or Windows® 10 and you access Web Disk over a clear text, unencrypted connection.

Create a strong password

To ensure your account’s security, make certain to create a strong password:

  • Use a different password for each of your important accounts (for example, your email accounts).
  • Use a combination of letters, numbers, and symbols in your password.

Password Generator

This feature generates secure passwords, which are difficult for malicious users to guess. You can use the Password Generator feature in any interface that displays it.

When you click Password Generator, a new window appears that contains a generated password in a text box. Click Generate Password until it generates a satisfactory password.

Configure security requirements

To set the security requirements of the new password, perform the following steps:

  1. Click Advanced Options.
  2. Enter the desired length of the password in the Length text box.
  3. Select whether to include uppercase letters, lowercase letters, numbers, or symbols.
  4. Copy the password in a safe place and select the I have copied this password in a safe place checkbox at the bottom of the window.
  5. Click Use Password to use the generated password. To reject the password and close the Password Generator window, click Cancel.

External Authentication

Your system administrator may allow users to access cPanel with external authentication credentials (for example, cPanelID, WHMCS, Google® Accounts, Facebook®, or your hosting provider’s portal). This functionality allows you to reduce the number of passwords that you need to remember.

The External Authentication tab lists the credentials for OpenID Connect-compliant identity providers that you can use to log in to cPanel and Webmail. You can also use this section of the interface to link new credentials or unlink existing credentials.

  • This section only appears if the server administrator has configured at least one external authentication module.
  • This interface only displays the external authentication identity providers that your hosting provider selects in WHM’s Manage External Authentications interface (WHM » Home » Security Center » Manage External Authentications).
  • Most identity providers allow you to register for an account as part of the authentication process.
  • Your cPanelID uses the same username and password that you use for the cPanel Store, the cPanel Tickets system, and the Manage2 billing system. If you do not already use a cPanelID, you can register for one during the authentication process.
  • You can link one or more external accounts to one or more cPanel accounts, WHM accounts, or Webmail accounts.
  • If you link to an external account through an identity provider that uses two-factor authentication, you must also authenticate through that identity provider in addition to any two-factor authentication that you configure on your server.

To link your cPanel or Webmail account to credentials at an external authentication identity provider, perform the following steps:

  1. Click the External Authentication tab.
  2. Click Link Account next to the name of the appropriate identity provider. A new login interface will appear for that identity provider.
  3. Enter the requested username, password, and other credentials for that identity provider. If you are currently logged in to that identity provider, the interface will skip this step.
  4. Confirm that you wish to allow the provider to link to your cPanel or Webmail account.
  5. Confirm that you wish to link your cPanel account to the provider’s authentication credentials.

To unlink external authentication identity provider credentials from your account, click Unlink Account next to the appropriate account. A new interface will appear that asks you to confirm that you wish to unlink your account.

Additional Documentation