Two-Factor Authentication for WHM

Valid for versions 82 through 112

Last modified: December 4, 2024


Note:

Your hosting provider can enable or disable this interface for resellers in WHM's Edit Reseller Nameservers and Privileges interface (WHM » Home » Resellers » Edit Reseller Nameservers and Privileges).

Overview

This interface allows you to configure two-factor authentication (2FA), a security measure for the login interfaces of cPanel & WHM. Two-factor authentication requires two forms of identification. After you enter your password, you must enter a security code. 2FA requires a smartphone with a supported time-based one-time password (TOTP) app to provide this code. We suggest the following apps for Android™ and iOS®:

For more information about 2FA, read Wikipedia’s Two-Factor Authentication article.

Enable 2FA for logins

Warning:
This feature may cause some third-party applications to fail. It may also cause applications to improperly store data.

As the root user, set the toggle to On.

The interface will now display the message "The Two-Factor Authentication Security Policy is Enabled". cPanel & WHM users can now configure 2FA.

cPanel users can configure 2FA for logins in cPanel’s Two-Factor Authentication interface (cPanel » Home » Security » Two-Factor Authentication), while the root user and resellers with create-acct privileges can configure it in the Manage My Account tab.

Failed to set user configuration: The security code is invalid

If you see the "Failed to set user configuration: The security code is invalid." error when you try to enable 2FA, your server's date and time settings could be inaccurate. Run the ntpdate command to re-synchronize your server's internal clock with the Network Time Protocol (NTP) server, then re-enable 2FA.
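Why an inaccurate server clock produces this error: the added example below (not cPanel's code) implements standard RFC 6238 TOTP and checks a code from a correctly set phone against a server whose clock has drifted. The acceptance window of one step either side, the function names and the sample key are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (per the page)
DIGITS = 6   # six-digit security code (per the page)

# Constructed sample key: the RFC 6238 test secret, base32-encoded.
SAMPLE_KEY = base64.b32encode(b"12345678901234567890").decode()


def totp(key_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 key at a given Unix time."""
    cleaned = key_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)           # keys are often shown unpadded
    key = base64.b32decode(cleaned)
    counter = int(unix_time) // step               # 30-second step number
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(key_b32, code, server_time, window=1):
    """Validate a code against the server's own clock, allowing +/- `window`
    steps. The window size is an assumption, not a documented cPanel value."""
    candidates = (server_time + i * STEP for i in range(-window, window + 1))
    return any(
        hmac.compare_digest(code, totp(key_b32, t))
        for t in candidates if t >= 0
    )


def drift_in_steps(phone_time, server_time, step=STEP):
    """Number of 30-second steps by which the two clocks disagree."""
    return int(server_time) // step - int(phone_time) // step


if __name__ == "__main__":
    phone_time = 59                                # phone clock is correct
    code = totp(SAMPLE_KEY, phone_time)
    for skew in (0, 30, 120):                      # server clock skew in seconds
        server_time = phone_time + skew
        print(f"skew={skew:>3}s steps={drift_in_steps(phone_time, server_time)} "
              f"accepted={server_accepts(SAMPLE_KEY, code, server_time)}")
```

Once the skew exceeds the validation window, every code the app shows is rejected until the server clock is corrected.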

Enable 2FA for APIs

To use 2FA for API functions with username and password authentication, enable the API requests option in the Security Policy Extensions section of WHM’s Configure Security Policies interface (WHM » Home » Security Center » Configure Security Policies).

Settings

The Settings tab allows you to configure the 2FA Issuer setting. The Issuer setting determines the name that appears in many authentication apps.

To set the Issuer setting for 2FA, perform the following steps:

  1. Click the Settings tab.
  2. Enter the desired value for the Issuer setting, or retain the default value. For example, if you want users to search for My Business Website in their 2FA phone applications to receive authentication codes for your website, enter My Business Website here.
    Note:
    • If you do not enter a name for the Issuer setting, it defaults to the hostname.
    • Some authentication apps may display the hostname or Account value instead of the Issuer value.
  3. Click Save.

Manage Users

The Manage Users tab displays the accounts for which you have enabled 2FA. It also allows you to disable 2FA on those accounts.

Remove 2FA on a user account

To disable 2FA for a single user account on the Manage Users list, click Disable to the right of the user account.

To disable 2FA for multiple user accounts from the Manage Users list, perform the following steps:

  1. Select the Manage Users tab.
  2. Select the checkboxes to the left of each user account that you want to remove. To select all accounts, select the checkbox to the left of the User heading.
  3. Click the gear icon on the top right of the list, and then select Disable Selected.
Note:
  • Select Disable All to disable 2FA for every user account from the Manage Users list. This will not disable 2FA on your own account.
  • If a user loses access to their 2FA application, you can Disable their access, then re-enable it. This will allow them to configure their access again.

Enable 2FA on a user account

Important:

You cannot enable 2FA for a cPanel account through the WHM interface. You must enable the Two-Factor Authentication Security Policy on the server in order to enable 2FA for cPanel accounts.

To enable 2FA for a user account, log in to the cPanel interface as the user and navigate to cPanel’s Two-Factor Authentication interface (cPanel » Home » Security » Two-Factor Authentication).

You can also call API functions to access 2FA functionality. For more information, read our Guide to API Authentication documentation.

Manage My Account

The Manage My Account tab allows you to set up 2FA for the root user or a reseller account.

Important:
To use 2FA in WHM, a reseller account must possess the Create Accounts (create-acct) privilege in WHM’s Edit Reseller Nameservers and Privileges interface (WHM » Home » Resellers » Edit Reseller Nameservers and Privileges).

Configure 2FA

To configure 2FA, perform the following steps in the Manage My Account tab:

  1. Click Set Up Two-Factor Authentication.
  2. Link your cPanel account and your 2FA smartphone app:
    • To automatically create the link, scan the QR code that the Manage My Account tab displays with your 2FA smartphone app.
    • To manually create the link, enter the Account and Key information that the Manage My Account tab displays in your 2FA smartphone app.
  3. Within your 2FA smartphone app, retrieve the six-digit security code.
  4. Enter the six-digit security code in the Security Code text box.
    Note:
    The 2FA smartphone app will generate a new six-digit security code every 30 seconds. You must complete this step and Step 5 before the code you used expires.
  5. Click Configure Two-Factor Authentication.
Note:

2FA supports only one concurrent session for any user. If you open several browser windows to cPanel & WHM and log out in one of them, the server will log out the other windows.
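
How the Issuer setting from the Settings tab and the Account and Key values from step 2 reach the app: this added example (not cPanel's code) builds and parses an otpauth:// Key URI, the format TOTP apps commonly read from a QR code. That the QR code here uses this format is an assumption, as are the function names, the hostname server.example.com and the sample key.

```python
from urllib.parse import parse_qs, quote, unquote, urlencode, urlparse

SAMPLE_KEY_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"   # constructed sample key


def build_otpauth_uri(account, key_b32, issuer="", hostname="server.example.com"):
    """Build a TOTP Key URI. An empty Issuer falls back to the hostname,
    matching the default the page describes."""
    issuer = issuer.strip() or hostname
    label = f"{quote(issuer, safe='')}:{quote(account, safe='@')}"
    query = urlencode(
        {"secret": key_b32, "issuer": issuer, "digits": 6, "period": 30},
        quote_via=quote,
    )
    return f"otpauth://totp/{label}?{query}"


def parse_otpauth_uri(uri):
    """Extract the fields an authenticator app can choose to display."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP key URI")
    label = unquote(parts.path.lstrip("/"))
    label_issuer, sep, account = label.partition(":")
    if not sep:                                    # label holds the account only
        label_issuer, account = "", label
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if not params.get("secret"):
        raise ValueError("key URI has no secret")
    return {
        "account": account.strip(),
        "issuer": params.get("issuer", ""),
        "label_issuer": label_issuer,
        "secret": params["secret"],
        # An app preferring the issuer falls back to the account name
        # when no issuer is present in either position.
        "shown_as": params.get("issuer") or label_issuer or account.strip(),
    }


if __name__ == "__main__":
    uri = build_otpauth_uri("root", SAMPLE_KEY_B32, issuer="My Business Website")
    print(uri)
    print(parse_otpauth_uri(uri))
```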

Remove 2FA

To remove 2FA, click Remove Two-Factor Authentication.

Reconfigure 2FA

To reconfigure 2FA, click Reconfigure. Then, follow the steps above to configure 2FA.

Warning:
If you reconfigure 2FA for your account, any existing configurations will no longer produce valid security codes.
