We all are well aware of accounts getting compromised to to weak or leaked passwords. Now w.r.t. cPanel or WHM accounts, for additional login security, we can easily implement Two Factor Authentication (2FA).
So what does exactly 2FA means? 2FA adds an additional layer of security beyond a password based login. A normal login system matches the user entered password with a hash or a checksum from a stored password. With 2FA, after a user has logged in using the password, he is required to enter a code to complete the login process. This code is available on an authenticator app like Google Authenticator. Importantly this code is refreshed/generated after every n no. of seconds like 60s.
Now to implement the above mentioned scheme, you first have to install the Google Authenticator App on to your mobile phone. And then login into your cPanel account and under Security, click Two-Factor Authentication.
Now you would be presented with a screen showing the current status of Two-Factor Authentication. If you have not set it already, please click the button ‘Setup Two-Factor Authentication’
In the above screen you are presented with a QR Code. Scan this QR code using the Google Authenticator App. If you are using the Authenticator App for the 1st time, click on the ‘+’ icon in the bottom left corner of the screen. Then you will be presented with two options. Click on ‘Scan a QR code. Now just scan the QR code which is shown in the browser’s cPanel window.
Upon successfully scanning the code, the Google Authenticator App will show the code. (typically 6 digits) . Now just put that code in the ‘Step 2’ of the browser’s cPanel window and click on ‘Configure Two-Factor Authentication’.
Well thats all to it. Now when you log again into cPanel, you would of-course as usual need to enter your username and password, but after a successful login, the system will ask you to key in your Two-Factor (2FA) code. For that simply just open the Google Authenticator App and put in the current code. Thats it !
We at Pack Web Hosting offer 2FA on all our VPSs/Servers.