How to Configure and Use Two-Factor Authentication

In This Tutorial:

InMotion Hosting’s Business Class and Reseller Hosting plans have Two-Factor Authentication (2FA) enabled by default, which adds an additional layer of security for logging into your cPanel account. With 2FA enabled, a smartphone can be used (via a third-party application like Google Authenticator for Android, BlackBerry, and iOS, or Microsoft Authenticator for Windows Phones) to generate a secure code that must be entered alongside the cPanel user’s password to authenticate their cPanel login. This guide will walk you through the process of configuring Two-Factor Authentication and using 2FA to log into cPanel.

Configure 2FA

Setting up Two-Factor Authentication is a straightforward process that can be completed via the cPanel interface. Follow the steps outlined below to learn how to configure 2FA:

1. Log in to your cPanel account.
2. Navigate to the “Security” section and click on the “Two-Factor Authentication” icon.
3. Click on the “Set Up Two-Factor Authentication” button.
4. Choose your preferred method of authentication (either using the Google Authenticator app or Email Authentication).
5. Follow the on-screen instructions to complete the setup process.

Once Two-Factor Authentication is set up, you can use it to log in to your cPanel account by providing the generated secure code in addition to your cPanel username and password.

Once successful, you will see the following message:

Now that you have configured this cPanel account to use 2FA, the cPanel user will be prompted to enter the security code (generated via the smartphone app) to log into cPanel.

Use 2FA

After configuring a cPanel user for Two-Factor Authentication, logging in to cPanel will require an additional step. Follow the instructions below to log in to cPanel when using 2FA:

1. On the cPanel login page, enter your username and password.
2. Click the “Login” button.
3. Open the smartphone app used to set up 2FA to generate a new security code.
4. Enter the security code in the field labeled “Enter the security code for {your user}”.
5. Click the “Continue” button.

Note that the security code generated by the app is only valid for a short period of time (usually around 30 seconds). If you don’t enter the code in time, the app will generate a new code, making the previous one invalid. It is important to have your smartphone and the 2FA app ready and accessible when logging in to cPanel with 2FA enabled.

Remove 2FA

If you encounter difficulties logging into cPanel after enabling 2FA, you can remove 2FA for the affected cPanel account by logging into your Account Management Panel (AMP). Here are the steps to follow:

1. Log into your AMP Account
2. Click on the “cPanel Login” button located under the Account Technical Details section of the AMP homepage.
3. From the cPanel Home screen, navigate to the “Security” section and click on the “Two-Factor Authentication” icon.
4. On the Two-Factor Authentication page, locate the user for whom 2FA is enabled and click on the “Deactivate” button next to the user.
5. Confirm that you want to disable 2FA for the user by clicking on the “Deactivate Two-Factor Authentication” button in the confirmation window.

Once you have completed the steps above, you will be able to log into cPanel without being prompted to enter a security code.

Now that 2FA has been removed for the cPanel user, that user will no longer be prompted for a security code and can log into cPanel using simply the username and password.