How to set up two-factor authentication for cPanel

cPanel enables you to configure two-factor authentication (2FA), an improved security measure for the login interface. Two-factor authentication requires two forms of identification:

  • Your password.
  • A security code. An application on your smartphone generates a code that you must enter to log in. Without this security code, you cannot log in.
    The smartphone app must be able to generate time-based one-time passwords (TOTP). cPanel recommends the following smartphone apps:

Enabling 2FA

To enable 2FA, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the SECURITY section of the cPanel home screen, click Two-Factor Authentication:

    cPanel Home Screen with 2FA

  3. Click Set Up Two-Factor Authentication:

    Setup 2FA

  4. Under Step 1, use your preferred two-factor authentication application (for example, DuoMobile) to scan the QR code. If you do not have a QR code reader, you can manually configure two-factor authentication within your app by entering the information provided under Don’t have a QR code reader?.

    QR screen

  5. Under Step 2, in the Security Code text box, type the security code you see in the 2FA app.

    You must type the security code within 30 seconds. After time expires, the app generates a new six-digit code.
  6. Click Configure Two-Factor Authentication. cPanel enables 2FA for your account.

Reconfiguring 2FA

To reconfigure 2FA, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the SECURITY section of the cPanel home screen, click Two-Factor Authentication:

    cPanel Home Screen with 2FA

  3. Click Reconfigure Two-Factor Authentication, and then follow the steps in the previous procedure for enabling two-factor authentication.

    When you reconfigure 2FA for your account, any existing configurations no longer generate valid security codes. You must update every app with the new QR code.

Removing 2FA

To remove 2FA, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the SECURITY section of the cPanel home screen, click Two-Factor Authentication:

    cPanel Home Screen with 2FA

  3. Click Remove Two-Factor Authentication, and then click Remove to confirm. cPanel disables 2FA for your account.

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.