cPanel enables you to configure two-factor authentication (2FA), an improved security measure for the login interface. Two-factor authentication requires two forms of identification:
- Your password.
- A security code. An application on your smartphone generates a code that you must enter to log in. Without this security code, you cannot log in.
This is where you will set up TFA for your user or turn it off if you decide you no longer need it.
Click the Set Up Two-Factor Authentication button, and you’ll be taken to a page with the information your mobile authenticator app needs, encoded as a QR code.
How you enter this information is different in each app, but you should look for a plus (+) button in the app’s interface and then select “scan barcode” or “scan QR code.“ Point your phone’s camera at the QR code, and the app will read it.
If your app can’t read the QR code, manually enter the Account and Key information displayed below the QR code.
Your app should display a six-digit code that changes every 30 seconds. To finalize the configuration, enter the code into the Security Code field at the bottom of the page and click Configure Two-Factor Authentication.
That’s it! Next time you log in to cPanel, you’ll be asked to supply a code from your app in addition to your username and password.
Two-factor authentication significantly reduces the likelihood of a server being compromised with shared or lost passwords. It also offers complete protection from password-guessing attacks, including automated brute-force and dictionary attacks. With cPanel & WHM, you can activate TFA in minutes, protecting your server’s resources and reducing the amount of time you spend supporting users with compromised hosting accounts.