(cPanel >> Home >> Security >> Two-Factor Authentication)
Two-factor authentication (2FA) is an improved security measure that requires two forms of identification: your password and a generated security code. With 2FA enabled, an application on your smartphone supplies a code that you must enter with your password to log in. Without your smartphone, you cannot log in.
To use this feature, your system administrators must enable it for you. Ask them to perform the following steps in WHM:
- Set the Two-Factor Authentication Security Policy toggle to On in WHM's Two-Factor Authentication interface (WHM >> Home >> Security >> Two-Factor Authentication).
- Grant the Two-Factor Authentication (Google Authenticator) feature to the desired users in WHM's Feature Manager interface (WHM >> Home >> Packages >> Feature Manager).
Configure two-factor authentication
To configure two-factor authentication, perform the following steps:
- Click Set Up Two-Factor Authentication.
- To configure two-factor authentication, you must link your cPanel account and your 2FA app:
- To automatically create the link, scan the displayed QR code with your app.
- To manually create the link, enter the provided Account and Key information in your app.
Open your 2FA app to retrieve the six-digit security code.
The 2FA app generates a new six-digit security code for your cPanel account every 30 seconds.
Enter the six-digit security code in the Security Code text box.
You must enter the security code within 30 seconds. After time expires, the app will generate a new six-digit code.
Click Configure Two-Factor Authentication.
If you see a Failed to set user configuration: The security code is invalid. error, a problem may exist with the date and time settings on your server. To fix the issue, contact your hosting provider or system administrator.
Remove two-factor authentication
To remove two-factor authentication, click Remove Two-Factor Authentication.
Reconfigure two-factor authentication
To reconfigure two-factor authentication, click Reconfigure. Follow the steps to configure two-factor authentication.
If you reconfigure 2FA for your account, any existing configurations will no longer produce valid security codes.