Two-Factor Authentication (2FA) adds extra security to your cPanel and webmail accounts. With 2FA, you need your password and a code from an app on your phone to log in.
Before you start, set up an authenticator app to use 2FA, you first need an app on your phone that can generate time-sensitive codes (these are called one-time passwords).
We recommend:
Download and install one of these apps from your phone’s app store before starting the steps below.
How to Enable 2FA in cPanel:
- Log in to cPanel.
- Find Two-Factor Authentication
In the cPanel home screen, look for the “Security” section. Click on 'Two-Factor Authentication'.
- Set Up 2FA
Click 'Set Up Two-Factor Authentication'.

- Scan the QR Code

- Open your 2FA app (like Google Authenticator or Duo Mobile).
- Use the app to scan the QR code shown on your cPanel.
- The app will add your cPanel account as and show you a 6-digit code.
- Enter the Code
- Type the 6-digit code from your app into cPanel.
- Click 'Configure Two-Factor Authentication'.
- All Done!
2FA is now active. Next time you log in, you will need to enter both your password and a code from your authentication app.
Note: 2FA is working only when you access cPanel from the URL (yourdomain.com/cpanel or yourdomain.com:2083 ), 2FA is skipped if you use the cPanel link from 2MHost admin area.
Using 2FA with Webmail (Email Accounts):
To secure Webmail logins with 2FA, each individual email account needs to set up its own two-factor authentication. You cannot use the same code you use for the main cPanel account.
How to Enable 2FA for Your Webmail Account?
- Log in to Webmail
Go to yourdomain.com/webmail or yourdomain.com:2096 and log in with your email address and password.
- Access 2FA Setup
Once logged in, look for the 'Two-Factor Authentication' link under 'Edit Your Settings'
- Set Up with Your 2FA App
- Use your authenticator app (like Google Authenticator) to scan the unique QR code provided for your email account.
- This will add your email account to the app and generate a separate 6-digit code.
- Enter the One-Time Code
- Enter the code from your app back into the Webmail 2FA setup screen.
- Save or confirm the settings.
- You're Done!
The next time you log in to Webmail, after entering your password, you’ll also need to enter the code from your authenticator app for that email account.
Note:
The 2FA setup for each email account is independent. Each email user should do this for their own Webmail login.
Disable Two-Factor Authentication for cPanel:
You can disable/remove 2FA at any time, use your cPanel > 'Two-Factor Authentication' and click 'Remove Two-Factor Authentication'.