How to Configure, Use, and Remove Two-Factor Authentication for cPanel
In This Tutorial:
With Web Hosting Hub's Shared Hosting plans, Two-Factor Authentication, or 2FA, is enabled by default. When 2FA is enabled, the additional authentication method can be configured to add a layer of security for logging into your cPanel account.
Once configured, with your smartphone (via a third-party application, like Google Authenticator for Android, BlackBerry, and iOS or Microsoft Authenticator for Windows Phones), you will generate a secure code to authenticate your cPanel login, in addition to the cPanel user's password. In this guide, you will learn how to configure Two-Factor Authentication, use 2FA to log into cPanel, and remove 2FA from your cPanel account.
Configure 2FA
Configuring 2FA is simple via the cPanel interface. Follow the steps below to learn how to setup two-factor authentication.
NOTE: A smartphone device is required for setting up 2FA.
-
-
In the cPanel search bar, type "two".
-
Click on the Two-Factor Authentication icon.
-
Click the Set Up Two-Factor Authentication button to proceed.
-
Click one of the buttons below to expand and display instructions to use the QR (Quick Response) Code or Manual Entry to configure 2FA.
-
Use your smartphone to scan the QR Code displayed under Step 1.
NOTICE: Once the QR Code is captured on your device, a security code will be generated. -
Enter the security code (displayed in your smartphone app) under Step 2 in the box labeled Security Code. Then, click the Configure Two-Factor Authentication button.
NOTE: The security code is valid for about 30 seconds. If the code is not entered within that duration of time, the smartphone app will generate a new code, rendering the old code invalid. -
Use your smartphone to manually enter the Account as it is displayed in the Manual Entry section of cPanel.
-
Use your smartphone to manually enter the Key as it is displayed in the Manual Entry section of cPanel.
NOTICE: Once the Account and Key are captured on your device, a security code will be generated. -
Enter the security code (displayed in your smartphone app) under Step 2 in the box labeled Security Code. Then, click the Configure Two-Factor Authentication button.
NOTE: The security code is valid for about 30 seconds. If the code is not entered within that duration of time, the smartphone app will generate a new code, rendering the old code invalid.
Once successful, you will see the following message:
Now that you have configured your cPanel account to use 2FA, you will be prompted to enter the security code (generated via your smartphone app) to log into cPanel.
Use 2FA
Once you have configured your cPanel for 2FA, after entering the correct username and password combination to log into cPanel, a new page will load which prompts you to enter the new security code generated from the smartphone app (used to set up 2FA). Follow the instructions below to log into cPanel, when using 2FA.
NOTE: The smartphone device (and app) used to set up 2FA, is required to log into cPanel after 2FA is configured for the cPanel user.
-
On the cPanel login page, enter the user name and password combination. Then, click the Login button.
-
Open the smartphone app to generate a new security code.
-
Enter the security code in the field labeled: "Enter the security code for {your user}". Then, click the Continue button.
NOTE: The security code is valid for about 30 seconds. If the code is not entered within that duration of time, the smartphone app will generate a new code, rendering the old code invalid.
Remove 2FA
If for some reason you are unable to log into cPanel after enabling 2FA, you can log into cPanel through your Account Management Panel (AMP). Once logged in, you can remove 2FA for the cPanel account. The following instructions will guide you through this process.
-
Log into your cPanel, via your Account Management Panel (AMP).
-
In the cPanel search bar, type "two".
-
Click on the Two-Factor Authentication icon.
-
Click on the Remove Two-Factor Authentication button.
-
Now, click on the Remove button.
Once 2FA has been removed, you will receive the following message:
Now that 2FA has been removed for your cPanel user, you will no longer be prompted for a security code and can log into cPanel using the username and password.
Did you find this article helpful?
Tweet
Comments
n/a Points
|
2018-03-30 1:29 am
There is a backdoor work around that makes the 2F Authentication useless. You simply login to Webhosting Hub (no 2F Required) and then go to the C-Panel. |
Staff 619 Points
|
2018-03-30 4:46 pm
You can log into AMP to log directly into cPanel. The 2FA is indeed bypassed because you have 1st authenticated through your log into AMP and then your 2nd authentication is via the API call that AMP makes to authenticate the user associated with your AMP account. This is mentioned in the article as a "backdoor" to regaining access to cPanel, should you not be able to use a device for 2FA.
|
Help Center Login
Related Questions
Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!