Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) adds an extra layer of protection to your cPanel and WHM accounts by requiring two forms of verification during login:

• Something you know — your password.
• Something you have — a unique security code generated by an authentication app on your phone or desktop.

Even if someone learns your password, they cannot access your account without the code from your authentication app.

Why Use Two-Factor Authentication?

Passwords can be compromised through phishing, malware, or stolen devices. Many users also reuse passwords across different accounts, increasing risk. 2FA prevents unauthorized access — your password alone is no longer enough to log in.

Requirements

• A 2FA app such as Authy or Google Authenticator, available for mobile and desktop.
• Access to your cPanel or WHM account.

Set Up 2FA in cPanel

Step 1: Log in and Open 2FA Settings

Sign in to your cPanel account. In the Security section of your dashboard, click Two-Factor Authentication.

Figure 1: Two-Factor Authentication in cPanel’s Security section

Step 2: Configure Two-Factor Authentication

Click Set Up Two-Factor Authentication. You’ll see a QR code and manual configuration details displayed on-screen.

Figure 2: QR code for linking your authentication app

Open your 2FA app (Authy or Google Authenticator) and add a new account by scanning the QR code. If you can’t scan it, manually enter the details:

• Account: User Name
• Key: CODE !!!

Step 3: Verify and Enable

Enter the 6-digit security code generated by your app and click Configure Two-Factor Authentication. Once verified, 2FA will be active for your cPanel account.

Set Up 2FA in WHM

You’ll need to be logged into your WHM account and have your 2FA app installed (e.g., Authy).

1. In the left-hand menu, open the Security Center section and click Two-Factor Authentication.
2. Click the toggle to enable the Two-Factor Authentication Security Policy.
3. Click the Manage My Account tab.
4. Select Set Up Two-Factor Authentication.
5. Scan the displayed QR code with your authentication app or manually enter the provided key.
6. Once your app generates codes, enter a valid one and click Configure Two-Factor Authentication.

Remove Two-Factor Authentication

To disable 2FA, click the Remove Two-Factor Authentication button in your cPanel or WHM 2FA settings. You’ll be prompted to confirm before removal.

Can’t Generate a 2FA Code or Use a Backup Code?

If you’ve changed phones or lost access to your authentication device and don’t have a backup code, contact your hosting support team. You’ll need to verify your identity before they can disable 2FA for you.