Two-Factor Authentication for cPanel

Valid for versions 114 through the latest version

Version:

82

114

Last modified: 2025 July 10


Looking for this interface?
Note:

Your hosting provider can enable or disable this interface in WHM's Feature Manager interface (WHM >> Home >> Packages >> Feature Manager).

Overview

Two-factor authentication (2FA) is a popular security measure. When you set up 2FA, you must provide two identification factors to log in to cPanel: your password and a six-digit security code. You can get this security code from a smartphone with a a smartphone authenticator app.

Important:
  • To use this feature, your hosting provider must enable 2FA in WHM’s Two-Factor Authentication interface (WHM » Home » Security Center » Two-Factor Authentication).
  • This document only covers how to use 2FA for cPanel. For information about how to use 2FA with Webmail, read our Webmail — Edit Your Settings documentation.

2FA smartphone apps

Depending on your smartphone’s operating system, we suggest the following apps:

Set up 2FA

To set up 2FA, you must first install a smartphone app to generate your security code. Then, perform the following steps:

  1. Click Set Up Two-Factor Authentication.
  2. Link your cPanel account and your 2FA app with one of the following methods:
    • To automatically create the link, scan the displayed QR code with your app.
    • To manually create the link, enter the provided Account and Key information in your app.
  3. Within your 2FA app, retrieve the six-digit security code.
  4. In the Security Code text box, enter the security code before it expires.
  5. Click Configure Two-Factor Authentication.
    Note:

    If you see a Failed to set user configuration: The security code is invalid. error, a problem may exist with the date and time settings on your server. To fix the issue, contact your hosting provider.

Now, when you log in with your password, cPanel will ask for a security code. You must use your smartphone’s password app to find this security code, then use it to log into cPanel before the code expires. Without your smartphone, you cannot log in.

Reconfigure 2FA

To reconfigure 2FA, click Reconfigure. Then, follow the steps to set up 2FA again with a new configuration.

Warning:

This action will overwrite your account’s existing 2FA configuration. As a result, any existing 2FA app configurations will not provide valid security codes. Additionally, the system will log you out of any other cPanel browser windows.

2FA authentication status tracking

2FA tracks your authentication status across browser windows. If you open cPanel in several browser windows, the following actions will cause all other windows to log out:

Disable 2FA

To disable 2FA, click Remove Two-Factor Authentication. Now when you log in with your password, cPanel will not ask for a security code.

Lost access to 2FA

If you lose access to your existing 2FA application and are unable to log in, contact your hosting provider to disable your account’s 2FA access. This will allow you to set up 2FA again.

Additional Documentation