Setting Up Two-Factor Authentication (2FA) in cPanel

Two-Factor Authentication, or 2FA, protects your cPanel access with an additional layer of security. In addition to your username and password, you will need a current six-digit security code from an authenticator app when logging in.

This keeps your hosting account significantly better protected, even if your password is accidentally shared, guessed, or compromised in a data breach. Without the second factor, an attacker cannot easily log into your cPanel account.

Highly Recommended: Enable 2FA for your cPanel access, especially if you manage production websites, email accounts, databases, customer data, or commercial projects through your hosting account.

What You Need for 2FA

To set it up, you need a smartphone or another trusted device with an app that supports time-based one-time passwords. These codes are also referred to as TOTP codes.

Suitable apps include:

  • Google Authenticator
  • Microsoft Authenticator
  • 2FAS Authenticator
  • Duo Mobile
  • Authy
  • A compatible password manager app with TOTP support

Note: cPanel uses time-based one-time codes. Therefore, make sure that the date and time on your smartphone are automatically synchronized. An incorrect device time can cause valid-looking codes to be rejected.

Step 1: Open Two-Factor Authentication in cPanel

  1. Log in to your cPanel account.
  2. In the Security section, open Two-Factor Authentication.
  3. Click on Set Up Two-Factor Authentication.

If you do not see this feature, 2FA might not be available for your hosting account or may be disabled on the server side. In this case, you can contact CURIAWEB support.

Step 2: Link the Authenticator App to cPanel

cPanel will now display a QR code. Use this QR code to link your cPanel account to your authenticator app.

  1. Open your authenticator app on your smartphone.
  2. Select Add new account, usually via a plus symbol.
  3. Scan the QR code displayed in cPanel.
  4. If scanning does not work, use the manual setup with the displayed account and key details.
  5. The app will then display a six-digit security code for your cPanel account.

Practical Tip: Name the entry in your authenticator app clearly, for example, CURIAWEB cPanel. This will help you find the right code faster later if you use multiple 2FA accounts.

Step 3: Enter the Security Code and Activate 2FA

After scanning the QR code, you must confirm the setup.

  1. Enter the current six-digit code from your authenticator app into cPanel.
  2. Make sure to enter the code before it expires in the app.
  3. Click on Configure Two-Factor Authentication.

If the code is correct, 2FA will be activated for your cPanel account. Upon your next login, cPanel will require the current security code from your app in addition to your password.

Important: Keep your 2FA device safe. If you lose access to your authenticator app, you may no longer be able to log in to cPanel yourself. In this case, access must be restored via support after an identity verification check.

How Does Login Work After Activation?

After activation, the cPanel login process takes place in two steps:

  1. Enter your cPanel username and password as usual.
  2. cPanel will then ask for the current six-digit code from your authenticator app.
  3. Only after you enter a valid code will you be granted access to the cPanel interface.

The security code is only valid for a short time and is automatically renewed regularly. Always use the currently displayed code.

Setting Up 2FA Anew or Transferring to a New Smartphone

If you want to use a new smartphone, you should reconfigure two-factor authentication in good time while you still have access to your old device.

  1. Log in to cPanel using your current 2FA code.
  2. Open Two-Factor Authentication.
  3. Select Reconfigure, if this option is displayed.
  4. Scan the new QR code with your authenticator app on the new device.
  5. Confirm the setup with the new security code.

Caution: Reconfiguring overwrites the previous 2FA configuration. Codes from the old app configuration will no longer work after this.

Disabling 2FA

If you wish to disable 2FA, you should only do so deliberately and, if possible, temporarily. Without 2FA, your cPanel access is once again protected exclusively by your username and password.

  1. Log in to cPanel.
  2. Open Two-Factor Authentication.
  3. Click on Remove Two-Factor Authentication.
  4. Confirm the deactivation.

Recommendation: Only disable 2FA when absolutely necessary. Reactivate the feature as soon as possible afterwards to continue keeping your hosting account better protected.

Common Problems with 2FA

| Problem | Possible Cause | Solution |
|---|---|---|
| Code is rejected | The code has expired or the device time is out of sync. | Use a new code and enable automatic time synchronization on the smartphone. |
| QR code cannot be scanned | Camera, browser rendering, or display issue. | Use manual setup with the displayed account and key details. |
| Lost smartphone | No more access to the authenticator app. | Contact CURIAWEB support so that access can be restored after an identity check. |
| New smartphone | 2FA was not transferred in time. | As long as you still have access to the old device, reconfigure 2FA in cPanel. |
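
Why an expired code or a wrong device clock leads to a rejected code, as noted under "What You Need for 2FA" and in the "Code is rejected" row above: the sketch below is an added example, not cPanel's code. It implements the standard TOTP calculation (RFC 6238) and a verifier that tolerates one time step on either side. The 30-second step, SHA-1, the one-step tolerance, and the names `server_accepts` and `login_attempt` are assumptions for illustration; the page does not state cPanel's actual tolerance.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30      # seconds per code (RFC 6238 default; assumed here)
DIGITS = 6     # six-digit codes, as the article describes

# Constructed sample key: the RFC 6238 test secret in Base32, the form
# shown for manual setup. Never reuse a published key for a real account.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(key_b32: str, unix_time: int) -> str:
    """Return the TOTP code for the time step containing unix_time."""
    key = base64.b32decode(key_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def server_accepts(key_b32: str, code: str, server_time: int, window: int = 1) -> bool:
    """Accept a code from the current step or `window` steps either side."""
    for drift in range(-window, window + 1):
        expected = totp(key_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False


def login_attempt(device_clock_error: int, server_time: int = 1_700_000_000) -> bool:
    """Simulate a phone whose clock is off by device_clock_error seconds."""
    code = totp(SAMPLE_KEY, server_time + device_clock_error)
    return server_accepts(SAMPLE_KEY, code, server_time)


if __name__ == "__main__":
    for error in (0, 20, -45, 120, -300):
        result = "accepted" if login_attempt(error) else "rejected"
        print(f"device clock off by {error:+5d} s -> {result}")
```

A device that is a few seconds off still lands inside the tolerated steps, while one that is minutes off produces a code for a step the server no longer checks, which is why automatic time synchronization resolves most rejections.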

Security Recommendations for cPanel 2FA

  • Enable 2FA for production hosting accounts.
  • Additionally, use a strong, unique cPanel password.
  • Keep your 2FA device safe.
  • Set up a new smartphone before resetting or discarding the old device.
  • Do not use shared cPanel access credentials if separate users or service accounts are sufficient.
  • Never share 2FA codes with third parties.
  • Regularly check your contact information in cPanel so that you remain reachable in the event of security-related events.

What to Do If You Lose Your Smartphone?

If you no longer have access to your authenticator app and can no longer log in to cPanel, you cannot simply remove 2FA yourself. In this case, please contact CURIAWEB support.

For security reasons, an identity verification check is required for this process. This protects your hosting account from unauthorized persons attempting to have two-factor authentication removed.

No more access to your 2FA app?

Contact CURIAWEB support. We will verify your identity and help you restore access.

Summary

Two-Factor Authentication is one of the most important protective measures for your cPanel account. It complements your password with a time-limited security code from an authenticator app and makes unauthorized log-ins significantly more difficult.

Enable 2FA particularly when you manage business websites, email accounts, databases, or customer data via your hosting. At the same time, take care to keep your 2FA device safe and to reconfigure 2FA in good time when you switch smartphones.

