How To

cPanel and Two-Factor Authentication

Making life more secure, one two factor at a time.

I’m talking a lot about security. There are reasons for that. If you’re not keeping your online behavior safe, you’re in for some headaches. Two-Factor Authentication (TFA or 2FA) is one of the better solutions as it protects you by requiring you to have a password and a physical object in order to log in.

WebHost Manager (the admin part of a cPanel server) has this.

Let’s Do This Thing! Let’s Do This Thing!

Go to WHM Home » Security Center » Configure Security Policies and check the box for Two-Factor Authentication.

Set TFA for cPanel

Next, go to Home » Security Center » Two-Factor Authentication and move the slider to enable:

Enable TFA

Click on the tab for “Manage My Account” and set up TFA for your root account.

Top ↑

The Problem…. The Problem….

Oh there’s a problem? Yeah, and it’s the age old problem of TFA. You can’t enforce it. I mean, you can’t turn it on for everyone and walk away singing the praises of your success. You have to turn it on as each user. That means they have to turn it on. You can’t even require it.

None of that means you shouldn’t do it. Everyone should do use TFA for their server connections. I use it for my servers and for my Gmail accounts. Protect yourself.

Top ↑

Extra Credit Extra Credit

Did you know you could turn on TFA for APIs on your server as well? Yeah.