
Two-factor authentication

With two-factor authentication (or 2FA for short), you can minimize the risk of unauthorized access to your account.

Besides the password, logging in then requires an additional code (a one-time password, or OTP for short), which is generated by an authenticator app and is valid for 30 or 60 seconds.

Necessary requirements

To activate two-factor authentication for your access to ISPConfig on our managed servers as a user or with an email address (mail user), you first need a suitable app on your mobile device. We recommend using cloud-based authenticator apps that can restore access if you lose your hardware device.

Enable 2FA authentication

Log in to ISPConfig on your server as usual. Under Settings, you can then activate 2FA authentication by setting the mode to 2FA. If you are logged in as a mail user, select Password instead of Settings on the left-hand side.

You will be shown a QR code that you can simply scan with the authenticator app. If you cannot scan it, you can also set up the account manually by entering the data shown into the app.

As soon as you have set up access in the app, you can activate 2FA authentication. To do this, you must enter your current password and the code that the authenticator app shows you.

If you click on “Register with 2FA app”, you will be shown recovery codes. You should copy these and save them in a safe place. If you lose access to the app or are unable to use it, you can use each recovery code once as a one-time password to log in.

Important: the recovery codes will no longer be displayed later.

Click “Save” to apply the changes as usual; two-factor authentication is then active immediately.

Login with two-factor authentication

After logging in with your username or email address, you will be shown another page where you have to enter the OTP code that the authenticator app displays.

If you have lost access to the app, you can also use one of the recovery codes.

Disable 2FA authentication

If you want to deactivate 2FA authentication again, open the same settings as described above and reset the mode.

You must then enter and confirm your current password for verification.

Click “Save” to apply the changes as usual; two-factor authentication is then deactivated.

Disable 2FA authentication as admin

As an administrator, you can turn off 2FA authentication for each ISPConfig user.

Under System, open the User management section and select the relevant user under ISPConfig users.

To turn it off, simply deactivate 2FA for that user and save the settings.