1. cPanel & WHM Documentation
  2. cPanel
  3. Security
  4. Two-Factor Authentication for cPanel
authentication login passwords security cpanelui 2fa

Two-Factor Authentication for cPanel

Valid for versions 114 through the latest version

Version:

82

114

Last modified: 2025 February 6

Looking for this interface?
Note:

Your hosting provider can enable or disable this interface in WHM's Feature Manager interface (WHM >> Home >> Packages >> Feature Manager).

Overview

Two-factor authentication (2FA) is a security measure that requires two forms of identification to allow you to access cPanel & WHM. After you enter your password, you must enter a security code. An application on your smartphone supplies this code. Without your smartphone, you cannot log in.

Important:
  • To use this feature, your hosting provider must enable 2FA in WHM’s Two-Factor Authentication interface (WHM » Home » Security Center » Two-Factor Authentication).
  • 2FA tracks your authentication status across browser windows. If you open several browser windows to cPanel and log out in one of them, the server will log out the other windows.
Note:

  • You can also enable 2FA for Webmail.

  • 2FA requires a smartphone with a supported time-based one-time password (TOTP) app. We suggest the following apps for Android™ and iOS®:

Set up 2FA

To set up 2FA, perform the following steps:

  1. Click Set Up Two-Factor Authentication.
  2. Link your cPanel account and your 2FA app with one of the following methods:
    • To automatically create the link, scan the displayed QR code with your app.
    • To manually create the link, enter the provided Account and Key information in your app.
  3. Within your 2FA app, retrieve the six-digit security code.
  4. Before the code expires, enter it in the Security Code text box.
    Note:

    You must enter the security code before it expires in your 2FA app. After it expires, the app will generate a new six-digit code.

  5. Click Configure Two-Factor Authentication.
    Note:

    If you see a Failed to set user configuration: The security code is invalid. error, a problem may exist with the date and time settings on your server. To fix the issue, contact your hosting provider.

Disable 2FA

To disable 2FA, click Remove Two-Factor Authentication.

Reconfigure 2FA

To reconfigure 2FA, click Reconfigure. Follow the steps above to set up 2FA again with a new configuration.

Warning:

This action will overwrite your account’s existing 2FA configuration. As a result, any existing 2FA app configurations will not provide valid security codes.

Lost access to 2FA

If you lose access to your existing 2FA application and are unable to log in, contact your system administrator to disable your account’s 2FA access. This will allow you to set up 2FA again.

Additional Documentation