Reading Time: 8 minutes

What is 2FA

Two-Factor Authentication (or 2FA as it often referred to) is an extra layer of security that is used to provide users an additional level of protection when securing access to an account. 

2fa-1

Employing a 2FA mechanism is a vast improvement in security over the Singe-Factor Authentication method of simply employing a username and password. Using this method, accounts that have 2FA enabled, require the user to enter a one-time passcode that is generated by an external application. The 2FA passcode (usually a six-digit number) is required to be input into the passcode field before access is granted. The 2FA input is usually required directly after the username and password are entered by the client.

How To Set Up Two-Factor Authentication in cPanelVideo by David Richards

Why is 2FA Useful?

As the usual methods of Single-Factor authentication have increasingly come under fire due to malware, phishing, spearfishing, credential stuffing, password spraying and other attack vectors, 2FA allows the user to implement a secondary procedure to deter would be malicious actors seeking to actively compromise and gain access to an account. Many online systems currently require users to employ this option before providing access to their accounts to improve the security of the stored data and personal information. Some of these systems include:

  • Finance
  • Healthcare
  • Social Media
  • Business
  • Defense
  • Law Enforcement
  • US Government

As 2FA has become increasing popular over the last few years, it has gained wide acceptance and use. 

2fa

Prerequisites & Caveats

  • The use of 2FA requires a smart device with a time-based one-time password (TOTP) supported app. We suggest using one the following apps, but there are multiple others to choose from.
  • Only the root user can implement the 2FA feature in WHM. Once it is enabled in WHM, individual users can enable it if they so choose.
  • Important: If a user gets the error:
    Failed to set user configuration: The security code is invalid
    An issue may exist with the date and time settings on the server. To correct this problem, use the ntpdate command in the terminal to re-synchronize your server's internal clock with the Network Time Protocol (NTP) server. 2FA requires the server time to be accurate to function properly.
  • Important: WHM’s 2FA only supports one concurrent session at a time for any user. If you have multiple browser tabs open running cPanel, and log out of one of them, the server will automatically log you out of the other tabs as well.
  • Warning: Use of this feature may cause some third-party applications to fail. It may also cause applications to improperly store data.
  • Warning: If you reconfigure 2FA for an existing cPanel account, any current 2FA configurations will no longer produce valid security codes on your local device and will need to be reset.

Enabling 2FA

On WHM

Currently, WHM provides an easy method to enable 2FA to further secure access to the cPanel platform

First, go to Home » Security Center » Two-Factor Authentication in WHM.

WHM 2FA Settings 2

You will notice that 2FA defaults to the OFF setting and begins on the Settings tab. Additionally, you will notice the Issuer text box. This is where you can modify the name of the associated service provider if you like.

Next, click the OFF button which will turn it to the ON setting which enables 2FA. Enter the provider name you would like to use. It defaults to the current server name.

Warning: DO NOT leave the 2FA page once you select this setting as it may enable 2FA without it being properly configured, and you may be locked out of WHM. You can however navigate within this screen without issue.

Next, click on the 3rd tab call Manage My Account. Here is where you will configure 2FA for WHM. On this tab, you'll notice that the status is currently Not Configured. To begin, click on the Set Up Two-Factor Authentication button.

WHM 2FA Manage My Account

The following image will appear. This is the image you will scan with your smart device app to set up 2FA locally.

Note: Please follow the links noted above to install and configure your individual 2FA application.

WHM 2FA Scan

Once you scan in this image, a time-based one-time password (TOTP) is created on your smart device.

Google 2FA App

The 2FA application will now show the OTP code for the site using the name of the server. Use the generated code from the app to enter the OTP into the text box entitled Security Code. Lastly, click on the Configure Two-Factor Authentication button to verify it was set up correctly.

cPanel 2FA Settings 4

You will then see The 2FA Security Policy is Enabled.

WHM 2FA Settings Enabled

When coming back to WHM, you may see the following screen when trying to log in. This is normal. Enter your username and password in the fields provided and then click the Log in button.

whm login

You will then be prompted to enter in your 2FA code. Enter your code from the 2FA app and click the Continue button.

2fa code

WHM will now open as normal.

whm

On cPanel

Next, we will enable 2FA on a cPanel account. This is similar to the process used in WHM. The next steps will need to be accomplished by the cPanel user as it does no good to have it enabled locally on the server owners mobile device.

Note:
If for some reason the 2FA option is not seen in the users cPanel interface, the server owner will need to enable it by editing the users package in WHM’s Feature Manager noted in the steps below.

Enable 2FA in Feature Manager

Go to Home » Packages » Feature Manager » Feature Lists.

Click on the name of the package in the Manage feature list dropdown menu (in our case, it is named default) and then click the Edit button.

WHM feature mgr

Next, begin typing Two-Factor Authentication in the search box and the Google Authenticator option will be shown. Click the checkbox next to that option and then click the Save button.

WHM feature Mgr

This will enable the 2FA option to be seen in the users cPanel account in the Security section as noted in the image below.

cPanel 2FA Settings 1

Enable 2FA in cPanel

Now, have the user open their cPanel account and click on the Two-Factor Authentication icon in the Security section. As you can see below, it states that 2FA is not configured for this account. Click on the Set Up Two-Factor Authentication button.

cPanel 2FA Settings 2

This will open a new screen showing the QR code they need to scan into their 2FA application.

cPanel 2FA Settings 3

Once they have scanned the QR code into their 2FA app, they need to then enter the 2FA code generated by the app into the Security Code text box shown below. Lastly, click the Configure Two-Factor Authentication button to complete the process.

cPanel 2FA Settings 4

They will then see the confirmation that 2FA is now set up on their cPanel account.

cPanel 2FA Settings 5

From now on, they will need to use their username, password and 2FA app code to log into cPanel.

Disable 2FA

On WHM

To disable 2FA in WHM, simply reverse the above procedure. First, go to Home » Security Center » Two-Factor Authentication in WHM. Then, click the ON button and click Save.

WHM 2FA Settings Enabled

Next, click on the Manage My Account tab and then, click the Remove Two-Factor Authentication button.

WHM Disable 2FA

You with then be prompted to confirm you wish to disable 2FA in WHM. Click the Continue button. This will disable 2FA in WHM

WHM 2FA Disabled

On cPanel

To disable 2FA on a users' cPanel account, begin by clicking on the Remove Two-Factor Authentication button.

cPanel Disable 2FA

Next, a confirmation screen will be shown. To continue, click the Remove button.

cPanel Disable 2FA 1

Then you will see a confirmation screen stating that 2FA was removed.

cPanel Disable 2FA 2

Clicking Go Back then takes you back to the 2FA screen.

cPanel Disable 2FA 3

On the Command Line

If you are more comfortable, we can disable 2FA in WHM via the command line using our terminal. Run this command. A returned status of "1" implies the command was a success.

root@host [~]# whmapi1 twofactorauth_disable_policy
---
metadata:
  command: twofactorauth_disable_policy
  reason: OK
  result: 1
  version: 1
root@host [~]#

To disable 2FA on a cPanel user account via the command line in our terminal, run this command using the specific username on the account. A returned status of "1" implies the command was a success.

root@host [~]# uapi --user=cpaneluser TwoFactorAuth remove_user_configuration
---
apiversion: 3
func: remove_user_configuration
module: TwoFactorAuth
result:
  data:
    tfa_removed: 1
  errors: ~
  messages: ~
  metadata: {}

  status: 1
  warnings: ~
root@host [~]#

Conclusion

Two-Factor Authentication is an excellent method to add an extra layer of security to all of your accounts. It requires a dual authentication method to gain access to an account so even if a password is compromised, 2FA is the redundancy you need to protect all of your accounts.

Should you have any issues enabling or disabling this technology, our support staff is always available to assist with any issues related to this article, 24 hours a day, 7 days a week 365 days a year.

We are available, via our ticketing systems at support@liquidweb.com, by phone (at 800-580-4986) or via a LiveChat.
We work hard for you so you don't have to!

About the Author: David Richards

David Richards has been an educator, a Technology Director, and now a Windows Administrator for 20+ years. He’s an English major with a love for technology and helping others find ways to use technology more effectively. In his free time, Dave loves to read, play games, and spend time his family.

Have Some Questions?

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.

1.800.580.4985
1.517.322.0434

Latest Articles

What is a Webhook?

Read Article

Microsoft Exchange Server Security Update

Read Article

How to Monitor Your Server in WHM

Read Article

How to Monitor Your Server in WHM

Read Article

How to Fix Typical WordPress Errors

Read Article