Accessing account with 2FA enabled if phone is lost

menathor

Registered
Apr 5, 2016
3
0
1
Australia
cPanel Access Level
Website Owner
Hi guys,

I'd like to enable 2FA on my WHM / cpanel on my VPS, however I can't find any information in the documentation or forums re: what would happen if my phone was lost or stolen. Most sites (eg. Google, Amazon, Microsoft etc) which allow enabling 2FA provide a backup option such as a code or SMS in the event the device is lost.

Is there any similar option with cpanel / WHM's 2FA, or would I be unable to access my account if something happens to my phone?

Cheers
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello :)

You could take a screenshot of your QR code or print the secret key that's provided when initially enabling two-factor authentication on an account. Or, you could consider implementing an external authentication solution. EX:

Guide to External Authentication - OpenID Connect - Software Development Kit - cPanel Documentation

Examples that demonstrate other methods (e.g. Google, Facebook, Amazon) are available in the "/usr/local/cpanel/Cpanel/Security/Authn/Provider/" directory with the .sample file extension. For example, if you copy "Google.pm.sample" to "Google.pm", Google becomes an available option and a link to further instructions from Google is displayed:

OpenID Connect

Note that cPanel version 56 will display these providers by default.

Thank you.