Skip to main content
Two-factor authentication (2FA) adds a second step to your cPanel login. After entering your password, you also enter a time-based code from an authenticator app on your phone. This means a stolen password alone isn’t enough to access your account. For more ways to protect your account, see Hosting security best practices.

Before you start

Install an authenticator app on your phone. Any app that supports time-based one-time passwords (TOTP) will work:
  • Google Authenticator (Android, iOS)
  • Authy (Android, iOS, desktop)
  • Microsoft Authenticator (Android, iOS)
  • 1Password, Bitwarden, and most password managers also support TOTP codes.

Set up 2FA

1

Open the 2FA settings

Log in to cPanel through your client area or at yourdomain.com/cpanel. Go to Security > Two-Factor Authentication.
2

Link your authenticator app

Click Set Up Two-Factor Authentication. cPanel displays a QR code. Scan it with your authenticator app.If you can’t scan the QR code, enter the Account and Key values shown on screen into your app manually.
3

Enter the security code

Your authenticator app generates a six-digit code that changes every 30 seconds. Enter the current code in the Security Code field and click Configure Two-Factor Authentication before the code expires.
From now on, cPanel will ask for a security code after you enter your password. You need your phone to log in.
If you see a “The security code is invalid” error, the clock on your phone may be out of sync. Make sure your phone’s date and time are set to automatic. If the problem persists, contact SpeedyPage support.

Reconfigure 2FA

If you switch to a new phone or a different authenticator app, you need to reconfigure 2FA.
1

Open the 2FA settings

In cPanel, go to Security > Two-Factor Authentication.
2

Reconfigure

Click Reconfigure. This generates a new QR code and key. Scan the new QR code with your authenticator app and enter the security code to confirm.
Reconfiguring overwrites your existing 2FA setup. Codes from your previous configuration will stop working, and any other cPanel browser sessions will be logged out.

Remove 2FA

To disable 2FA entirely, go to Security > Two-Factor Authentication and click Remove Two-Factor Authentication. cPanel will only require your password to log in.

Lost access to your authenticator app

If you’ve lost your phone or uninstalled your authenticator app and can’t log in, contact SpeedyPage support. We’ll verify your identity and disable 2FA on your account so you can log in and set it up again.
Some authenticator apps (Authy, 1Password, Bitwarden) sync your TOTP codes across devices or to the cloud. Using one of these means losing a single device won’t lock you out.