
How to Enable Two-Factor Authentication

By Elliot, BearHost

Two-factor authentication (2FA) adds a second layer of security beyond your password. Even if someone steals your password, they cannot log in without the code from your authenticator app.

Why 2FA Matters

  • Passwords get compromised through data breaches, phishing, and brute-force attacks
  • Hosting accounts are high-value targets — attackers can deface websites, steal data, or send spam
  • 2FA blocks 99.9% of automated attacks according to security research

Prerequisites

Install an authenticator app on your phone:

  • Google Authenticator (iOS, Android) — simple, widely used
  • Authy (iOS, Android, Desktop) — supports cloud backup and multiple devices
  • Microsoft Authenticator (iOS, Android) — good for Microsoft ecosystem
  • 1Password / Bitwarden — password managers with built-in TOTP support

Part 1: BearHost Client Area 2FA

Secure your billing and account management portal.

  1. Log in to the BearHost Client Area at my.bearhost.com
  2. Click your name in the top right > Security Settings
  3. Find Two-Factor Authentication and click Enable
  4. A QR code will appear on screen
  5. Open your authenticator app and scan the QR code
  6. Enter the 6-digit code from the app to verify
  7. Save your backup code — store it somewhere safe (password manager, printed copy in a secure location)

Important: Save Your Backup Code

The backup code is your emergency access method if you lose your phone. Without it, you will need to contact support with identity verification to regain access.

Part 2: cPanel 2FA

Secure your hosting control panel separately.

  1. Log in to cPanel
  2. Go to Security > Two-Factor Authentication
  3. Click Set Up Two-Factor Authentication
  4. Scan the QR code with your authenticator app
  5. Enter the 6-digit verification code
  6. Click Configure Two-Factor Authentication

From now on, cPanel will ask for a code after your password on every login.

Part 3: WHM 2FA (VPS/Dedicated Servers)

If you have a VPS or dedicated server with WHM access:

  1. Log in to WHM
  2. Go to Security Center > Two-Factor Authentication
  3. Click Enable to require 2FA for all WHM users
  4. Set up your own account by scanning the QR code
  5. Configure whether to require 2FA for all cPanel users on the server

Managing 2FA

Switching Phones

Before switching to a new phone:

  1. Install the authenticator app on your new phone
  2. Log in to each service and go to 2FA settings
  3. Disable 2FA, then re-enable it and scan with the new phone
  4. Verify the new phone generates working codes before wiping the old phone

If you use Authy, your tokens sync across devices automatically.

Lost Phone Recovery

If you lose your phone and have your backup code:

  1. Enter the backup code when prompted for 2FA
  2. Immediately set up 2FA again with a new device
  3. Generate new backup codes

If you have lost both your phone and backup codes:

  1. Contact BearHost support with proof of identity
  2. We will verify your account ownership
  3. 2FA will be disabled so you can set it up again

Disabling 2FA

BearHost Client Area: Security Settings > Two-Factor Authentication > Disable

cPanel: Security > Two-Factor Authentication > Remove Current Configuration

WHM: Security Center > Two-Factor Authentication > Disable

Best Practices

  • Enable 2FA on all three — client area, cPanel, and WHM (if applicable)
  • Use different passwords for your client area and cPanel
  • Store backup codes in a password manager, not in your email
  • Use a password manager to generate and store strong, unique passwords
  • Review active sessions periodically and log out of unused sessions
  • Keep your authenticator app updated for the latest security patches
  • Consider a hardware key (YubiKey) for the highest security level