How to set up two-factor authentication in cPanel

Category: cPanel

cPanel Two-Factor Authentication adds a temporary code in addition to your password. Enable it if you want to protect panel access when you use shared networks, work from several devices, or want to reduce risk if a password is exposed.

This option depends on your provider enabling it for your account. If it does not appear in cPanel, open a ticket to confirm whether it is available on your plan.

Before you start

  • Have access to cPanel with your current username and password.
  • Install an authenticator app on your phone, such as Google Authenticator, Microsoft Authenticator, Authy, or any app compatible with TOTP codes.
  • Enable automatic time on the phone to avoid out-of-sync codes.
  • Save your main login details in a password manager before changing panel security.

Set up two-factor authentication

  1. Log in to cPanel.
  2. Find the Security section.
  3. Open Two-Factor Authentication. If your panel is in Spanish, the tool appears as Autenticación de dos factores.
  4. Click Set Up Two-Factor Authentication or the equivalent button shown by your cPanel theme.
  5. Open the authenticator app on your phone and scan the QR code.
  6. If you cannot scan the QR code, use the manual setup key shown by cPanel.
  7. Enter the six-digit code generated by the app in cPanel.
  8. Confirm the setup and wait for the success message before you leave the screen.

Verify the next login

  1. Sign out of cPanel from the account menu.
  2. Log in again with your username and password.
  3. When cPanel asks for the second factor, open the authenticator app.
  4. Enter the current six-digit code before it expires.
  5. Confirm that the panel loads normally after accepting the code.

If you change or lose your phone

  • Do not delete the old authenticator app until you confirm that the new phone generates valid codes.
  • If you can still access cPanel, disable two-factor authentication and set it up again with the new device.
  • If you no longer have access to the code, contact support to review a 2FA reset after validating account ownership.
  • Do not share temporary codes by chat or email; support does not need your current code to help recover access.

Common errors

  • The code appears as invalid: check that the phone time is automatic and wait for the next app code.
  • The tool does not appear in cPanel: your provider may have 2FA disabled; confirm availability with support.
  • You lost the authenticator phone: request help to reset 2FA and prepare account validation details.

Still need help?

If this guide didn’t solve your issue, our team can help you via ticket.

Open ticket Go to my account