In This Tutorial:
With InMotion Hosting’s Business Class and Reseller Hosting, Two-Factor Authentication, or 2FA, is enabled by default. When 2FA is enabled, the additional authentication method can be configured to add a layer of security for logging into your cPanel account. Once configured, with a smartphone (via a third-party application, like Google Authenticator for Android, BlackBerry, and iOS or Microsoft Authenticator for Windows Phones), users will generate a secure code to authenticate their cPanel login, in addition to the cPanel user’s password. In this guide, you will learn how to configure Two-Factor Authentication and how to use 2FA to log into cPanel.
Configure 2FA
Configuring 2FA is simple via the cPanel interface. Follow the steps below to learn how to setup two-factor authentication.
Log into cPanel as the user you want to configure 2FA for.
In the cPanel search bar, type “two“.
Click on the Two-Factor Authentication icon.
Click the Set Up Two-Factor Authentication button to proceed.
- Click one of the buttons below to expand and display instructions to use the QR (Quick Response) Code or Manual Entry to configure 2FA.
Use your smartphone to scan the QR Code displayed under Step 1.
NOTICE: Once the QR Code is captured on your device, a security code will be generated.Enter the security code (displayed in your smartphone app) under Step 2 in the box labeled Security Code. Then, click the Configure Two-Factor Authentication button.
NOTE: The security code is valid for about 30 seconds. If the code is not entered within that duration of time, the smartphone app will generate a new code, rendering the old code invalid.
Use your smartphone to manually enter the Account as it is displayed in the Manual Entry section of cPanel.
Use your smartphone to manually enter the Key as it is displayed in the Manual Entry section of cPanel.
NOTICE: Once the Account and Key are captured on your device, a security code will be generated.Enter the security code (displayed in your smartphone app) under Step 2 in the box labeled Security Code. Then, click the Configure Two-Factor Authentication button.
NOTE: The security code is valid for about 30 seconds. If the code is not entered within that duration of time, the smartphone app will generate a new code, rendering the old code invalid.
Once successful, you will see the following message:
Now that you have configured this cPanel account to use 2FA, the cPanel user will be prompted to enter the security code (generated via the smartphone app) to log into cPanel.
Use 2FA
Once you have configured a cPanel user for 2FA, after entering the correct username and password combination to log into cPanel, a new page will load which prompts the user to enter the new security code generated from the smartphone app. (used to set up 2FA). Follow the instructions below to log into cPanel, when using 2FA.
On the cPanel login page, enter the user name and password combination. Then, click the Login button.
Open the smartphone app to generate a new security code.
Enter the security code in the field labeled: “Enter the security code for {your user}”. Then, click the Continue button.
NOTE: The security code is valid for about 30 seconds. If the code is not entered within that duration of time, the smartphone app will generate a new code, rendering the old code invalid.
Remove 2FA
If for some reason you are unable to log into cPanel after enabling 2FA, you can log into cPanel through your Account Management Panel (AMP). Once logged in, you can remove 2FA for the cPanel account. The following instructions will guide you through this process.
Log into your cPanel, via your Account Management Panel (AMP).
In the cPanel search bar, type “two“.
Click on the Two-Factor Authentication icon.
Click on the Remove Two-Factor Authentication button.
Now, click on the Remove button.
Once 2FA has been removed, you will receive the following message:
Now that 2FA has been removed for the cPanel user, that user will no longer be prompted for a security code and can log into cPanel using simply the username and password.
Learn more about cPanel security from our Managed VPS Hosting Product Guide.
How does one set up 2FA for email? Presently, I have 2FA set up on inmotionhosting.com for my main account and another 2FA on cPanel, but I can log into my email without using 2FA. How do I set that up? I don’t see instructions or any link to do that.
Hi Cindy! While we do have 2FA for both cPanel and AMP, there is not currently a form of 2FA available for emails due to the way they are set up in cPanel. For those, we recommend a strong password.