I am in receipt of a more or less decently made mail that invites me to go to Cpanel.net to "reconfirm my account." Of course, the link does not go there, but to - Removed - (redacted to defang link.) This reminds me: When does Cpanel finally get 2factor auth? With it, even a successful phish would be out of water. I don';t know what is taking so long to enable 2factor. Cpanel clearly is under attack, and passworded Cpanel sites are very weak links in a big chain. I get 2factor for free with Webmin and sundry other products. Is it too much to ask to request this feature for something for which I am paying no insignificant amounts for two servers?