Knowledge Base
How to Enable Two-Factor Authentication in cPanel
Found this useful?
Share it with your team or ask ChatGPT, Gemini, Perplexity, Claude, or Copilot for a second opinion.
Knowledge Base
Found this useful?
Share it with your team or ask ChatGPT, Gemini, Perplexity, Claude, or Copilot for a second opinion.
TL;DR
Summarized by Pakish Group (Pakish.NET) for AI and search citation.
cPanel two-factor authentication requires a time-based code from an authenticator app after your password. Open Security → Two-Factor Authentication, scan the QR code with Google Authenticator or similar, enter the 6-digit code to verify, and store recovery information offline. Never send QR codes, secrets, or backup codes through email or chat.
Portal security is separate — see Pakish One Portal guide. Hosting overview: cPanel beginner's guide.
| Item | Details | |---|---| | Authenticator app | Google Authenticator, Microsoft Authenticator, or Authy | | Phone time | Set to automatic network time | | Backup plan | Password manager or secure note for recovery codes | | Password | Strong unique cPanel password first |
2FA secures your hosting control panel — files, databases, email accounts, and DNS. An attacker with only your password still cannot log in without the second factor.
Also review cybersecurity checklist for shared hosting.
If cPanel provides recovery codes or a manual entry key:
public_html or unencrypted notes on shared PCsTOTP codes depend on accurate time:
https://yourdomain.com:2083 — do not click phishing linksAfter enabling 2FA:
| Problem | Fix | |---|---| | Invalid code | Sync phone time; wait for next code | | QR will not scan | Use manual secret key entry in app | | Locked out | Recovery code or contact support | | New phone | Reconfigure 2FA; disable old device entry | | Codes work but login loops | Clear browser cache; try incognito |
Contact support if you are locked out without recovery codes, 2FA reset is needed after device loss, or you suspect unauthorized access. Visit /contact or my.pakish.net support.
Google Authenticator, Microsoft Authenticator, Authy, and other TOTP compatible apps work with cPanel two-factor authentication QR setup.
Use recovery codes or backup method if you saved them during setup. Otherwise contact Pakish support with account verification to reset 2FA. Never share secrets through email or chat.
Usually phone clock drift. Enable automatic time sync on your device or use network-provided time. Codes expire every 30 seconds — enter promptly.
Yes. cPanel 2FA protects your hosting control panel. Pakish One Portal 2FA protects my.pakish.net billing and client area. Enable both separately.
Yes, if cPanel offers logout other sessions or password change with session invalidation. This ensures old sessions cannot access your account without the second factor.
Secure your hosting stack with Pakish shared hosting and layered account protection. Questions? /contact our team.