Blog Winston AI @CustomerPanel
UnderHost
Knowledgebase Docs
/
Tools
CloudPanel Security 2FA Beginner

How to enable two-factor authentication in CloudPanel

Add an extra layer of security to your CloudPanel login with TOTP two-factor authentication using Google Authenticator or a compatible app.

UnderHost NOC Network Operations
4 min read Updated June 2026
On this page

Two-factor authentication (2FA) adds a one-time code to your login process. Even if your password is stolen, an attacker cannot log in without the code from your phone. It is one of the most effective protections for any admin panel.

What is 2FA?

CloudPanel supports TOTP (Time-based One-Time Password) two-factor authentication. When enabled, after entering your username and password, you are asked for a 6-digit code generated by an authenticator app on your phone. The code changes every 30 seconds and can only be used once.

Enable 2FA in CloudPanel

  1. Install an authenticator app

    Install one of the compatible apps on your phone before starting (see list below).

  2. Open Account Settings

    Log in to CloudPanel. Click your username in the top right corner and select Account Settings (or Profile).

  3. Enable Two-Factor Authentication

    Find the Two-Factor Authentication section and click Enable.

  4. Scan the QR code

    A QR code is displayed. Open your authenticator app, tap Add Account or the + button, choose Scan QR code, and scan the code shown in CloudPanel.

  5. Confirm and save

    Enter the 6-digit code currently shown in your authenticator app into the confirmation field in CloudPanel. Click Confirm or Enable. 2FA is now active.

Save the backup code or secret key

CloudPanel shows a backup code or secret key when you set up 2FA. Save this in a secure location (password manager or printed and stored safely). If you lose access to your authenticator app, this code is the only way to recover access without SSH intervention.

Compatible authenticator apps

Any TOTP-compatible app works with CloudPanel:

  • Google Authenticator (Android / iOS)-simple and widely used
  • Authy (Android / iOS / Desktop)-supports encrypted cloud backup of codes
  • Microsoft Authenticator (Android / iOS)
  • 1Password-integrates TOTP into your password manager
  • Bitwarden-free password manager with TOTP support

Authy or Bitwarden are recommended because they offer encrypted backups-if you lose your phone, you can recover your 2FA codes without needing the original secret key.

Lost access to your 2FA device

If you lose your phone or uninstall the authenticator app and cannot log in:

  • Use the backup code you saved when setting up 2FA to log in and disable 2FA temporarily
  • If you do not have the backup code: connect via SSH and use the CloudPanel CLI to disable 2FA:
clpctl user:disable:mfa --userName=admin

This command requires root SSH access. After running it, log in to CloudPanel without 2FA and re-enable it with your new device.

Related: CloudPanel security basics-users, SSH, and access control | How to enable two-factor authentication (2FA) in CustomerPanel | Creating and managing secure passwords

Was this article helpful?

Need CloudPanel on a server?

Use CloudPanel on an UnderHost VPS or dedicated server for fast PHP app and WordPress hosting without a heavy panel stack.

View CloudPanel CustomerPanel

Related articles

Back to CloudPanel