{"id":58145,"date":"2020-11-10T14:02:02","date_gmt":"2020-11-10T20:02:02","guid":{"rendered":"https:\/\/blog.cpanel.com\/?p=58145"},"modified":"2020-11-10T14:02:02","modified_gmt":"2020-11-10T20:02:02","slug":"how-to-configure-and-use-two-factor-authentication-in-cpanel","status":"publish","type":"post","link":"https:\/\/devel.www.cpanel.net\/blog\/tips-and-tricks\/how-to-configure-and-use-two-factor-authentication-in-cpanel\/","title":{"rendered":"How to Configure and Use Two-Factor Authentication in cPanel"},"content":{"rendered":"\n
Online criminals love to target web servers, and they will exploit any security vulnerability to break into them, steal data, and misuse resources. cPanel & WHM includes many powerful security features to help server administrators keep criminals out, including a robust two-factor authentication (TFA) system.<\/p>\n\n\n\n
Two-factor authentication enhances server security by asking users to provide a unique code, supplied by an app on their phone, when they log in.<\/p>\n\n\n\n
When two-factor authentication is turned off, cPanel & WHM asks users to enter two pieces of information: a public username and a private password. If no one except the user knows the password, it proves they are who they claim to be. Password-based \u201cone-factor\u201d authentication is secure if the password is tough to guess and users really do keep it secret.<\/p>\n\n\n\n
However, users sometimes create security vulnerabilities because they choose passwords that are easy to guess, store them insecurely, or share them with other people. TFA adds another authentication factor: a one-time code, generated by an app, that can\u2019t be guessed or shared because it changes thousands of times a day.<\/p>\n\n\n\n
Entering the code proves that the user has the mobile device with the app installed at the time they log in. They verify their identity with both \u201csomething they know,\u201d the password, and \u201csomething they have,\u201d the phone the app is installed on.<\/p>\n\n\n\n
Two-factor authentication works because the authenticator app and cPanel & WHM share a secret key. cPanel creates the key, which is added to the app via a QR code or entered as a string of digits. With some complicated math, cPanel and the app can then simultaneously generate the same one-time code. When you log in, the codes are compared, and if they match, you\u2019re authenticated.<\/p>\n\n\n\n
Two-factor authentication is much more secure than password-based logins, but it is also less convenient. Your users will have to install an app and use it every time they log in. It\u2019s up to the server administrator or hosting provider to decide whether the inconvenience is worth the increase in security.<\/p>\n\n\n\n
To use two-factor authentication in cPanel, your hosting provider or server administrator must first activate and configure it in WHM. We\u2019ll show you how to do that in the next section.<\/p>\n\n\n\n
You will also need a two-factor authentication app to provide the one-time code. There are several available for mobile devices, including:<\/p>\n\n\n\n
You will find the Two-Factor Authentication<\/em> configuration page under Security<\/em> in the WHM sidebar menu. It\u2019s turned off by default, so first, we need to flip the switch to activate it.<\/p>\n\n\n\n