How to Configure and Use Two-Factor Authentication in cPanel

With InMotion Hosting’s Business Class and Reseller Hosting, Two-Factor Authentication, or 2FA, is enabled by default. When 2FA is enabled, the additional authentication method can be configured to add a layer of security for logging into your cPanel account. Once configured, with a smartphone (via a third-party application, like Google Authenticator for Android, BlackBerry, and iOS or Microsoft Authenticator for Windows Phones), users will generate a secure code to authenticate their cPanel login, in addition to the cPanel user’s password. In this guide, you will learn how to configure Two-Factor Authentication for cPanel and how to log into cPanel using 2FA.

In This Tutorial:

How to Configure 2FA for cPanel
How to Use 2FA to Log into cPanel
How to Remove 2FA from cPanel

How to Configure 2FA for cPanel

Configuring 2FA is simple via the cPanel interface. Follow the steps below to learn how to setup two-factor authentication.

Note: A smartphone device is required for setting up 2FA.

For VPS and Dedicated servers, Two-Factor Authentication will need to be enabled from WHM.

Log into cPanel as the user you want to configure 2FA for.
In the cPanel search bar, type “two“.
Click on the Two-Factor Authentication icon.
Click the Set Up Two-Factor Authentication button to proceed.
Click one of the buttons below to expand and display instructions to use the QR (Quick Response) Code or Manual Entry to configure 2FA.

QR Code Method

Use your smartphone to scan the QR Code displayed under Step 1.
Notice: Once the QR Code is captured on your device, a security code will be generated.
Enter the security code (displayed in your smartphone app) under Step 2 in the box labeled Security Code. Then, click the Configure Two-Factor Authentication button.
Note: The security code is valid for about 30 seconds. If the code is not entered within that duration of time, the smartphone app will generate a new code, rendering the old code invalid.

Manual Entry Method

Use your smartphone to manually enter the Account as it is displayed in the Manual Entry section of cPanel.
Use your smartphone to manually enter the Key as it is displayed in the Manual Entry section of cPanel.
Notice: Once the Account and Key are captured on your device, a security code will be generated.
Enter the security code (displayed in your smartphone app) under Step 2 in the box labeled Security Code. Then, click the Configure Two-Factor Authentication button.
Note: The security code is valid for about 30 seconds. If the code is not entered within that duration of time, the smartphone app will generate a new code, rendering the old code invalid.
Once successful, you will see the following message:

Now that you have configured this cPanel account to use 2FA, the cPanel user will be prompted to enter the security code (generated via the smartphone app) to log into cPanel.

How to Use 2FA to Log into cPanel

Once you have configured a cPanel user for 2FA, after entering the correct username and password combination to log into cPanel, a new page will load which prompts the user to enter the new security code generated from the smartphone app (used to set up 2FA). Follow the instructions below to log into cPanel, when using 2FA.

Note: The smartphone device (and app) used to set up 2FA, is required to log into cPanel after 2FA is configured for the cPanel user.

On the cPanel login page, enter the user name and password combination. Then, click the Login button.
Open the smartphone app to generate a new security code.
Enter the security code in the field labeled: “Enter the security code for {your user}”. Then, click the Continue button.
Note: The security code is valid for about 30 seconds. If the code is not entered within that duration of time, the smartphone app will generate a new code, rendering the old code invalid.

How to Remove 2FA from cPanel

If for some reason you are unable to log into cPanel after enabling 2FA, you can log into cPanel through your Account Management Panel (AMP). Once logged in, you can remove 2FA for the cPanel account. The following instructions will guide you through this process.

Note: If you are subscribed to a Reseller Hosting plan, your Account Management Panel (AMP) will log you into cPanel as the main reseller user. In order to remove 2FA for a child cPanel account (owned by the main reseller user), you will need to login to WHM through AMP and remove Two-Factor Authentication for the cPanel user that is unable to login. You can refer to our guide on Disabling Two-Factor Authentication for Reseller Child Accounts.

Log into cPanel via your Account Management Panel (AMP).
In the cPanel search bar, type “two“.
Click on the Two-Factor Authentication icon.
Click on the Remove Two-Factor Authentication button.
Now, click on the Remove button.
Once 2FA has been removed, you will receive the following message:

Now that 2FA has been removed for the cPanel user, that user will no longer be prompted for a security code and can log into cPanel using simply the username and password.

Learn more about cPanel security from our Managed VPS Hosting Product Guide.

Enjoy high-performance, lightning-fast servers with increased security and maximum up-time with our Secure VPS Hosting!

Linux VPS cPanel or Control Web Panel Scalable Website Migration Assistance

Linux VPS Hosting

2 thoughts on “How to Configure and Use Two-Factor Authentication in cPanel”

How does one set up 2FA for email? Presently, I have 2FA set up on inmotionhosting.com for my main account and another 2FA on cPanel, but I can log into my email without using 2FA. How do I set that up? I don’t see instructions or any link to do that.

Ronnie says:
May 8, 2020 at 5:51 pm
Hi Cindy! While we do have 2FA for both cPanel and AMP, there is not currently a form of 2FA available for emails due to the way they are set up in cPanel. For those, we recommend a strong password.
Reply

Was this article helpful? Join the conversation!

Need More Help?