Accessing account with 2FA enabled if phone is lost

menathor · Apr 5, 2016

Hi guys,

I'd like to enable 2FA on my WHM / cpanel on my VPS, however I can't find any information in the documentation or forums re: what would happen if my phone was lost or stolen. Most sites (eg. Google, Amazon, Microsoft etc) which allow enabling 2FA provide a backup option such as a code or SMS in the event the device is lost.

Is there any similar option with cpanel / WHM's 2FA, or would I be unable to access my account if something happens to my phone?

Cheers

cPanelMichael · Apr 5, 2016

Hello

You could take a screenshot of your QR code or print the secret key that's provided when initially enabling two-factor authentication on an account. Or, you could consider implementing an external authentication solution. EX:

Guide to External Authentication - OpenID Connect - Software Development Kit - cPanel Documentation

Examples that demonstrate other methods (e.g. Google, Facebook, Amazon) are available in the "/usr/local/cpanel/Cpanel/Security/Authn/Provider/" directory with the .sample file extension. For example, if you copy "Google.pm.sample" to "Google.pm", Google becomes an available option and a link to further instructions from Google is displayed:

OpenID Connect

Note that cPanel version 56 will display these providers by default.

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
	SSH - Accessing sent publickey gssapi-keyex gssapi-with-mic	Security	1	Jan 2, 2023
H	Restrict user from accessing other cPanel account files	Security	7	Apr 8, 2022
P	Problem accessing a web page / redirection to page 404 / certificate error.	Security	3	Oct 2, 2021
E	anyway to block phpmyadmin from accessing the db server if its installed manually on an account?	Security	4	Mar 22, 2013
P	Accessing accounts with my ip and the account username is not working	Security	1	Jan 2, 2012

Search

Search

Accessing account with 2FA enabled if phone is lost

menathor

Registered

cPanelMichael

Administrator