Thread: Best 2FA Options for WHM/cPanel? Looking for Trusted Device Workarounds

I’m trying to find the best two-factor authentication (2FA) method for WHM/cPanel. I know It’s easy to use options like Google Authenticator, Authy, or Duo, but every time I log in, it asks for a 2FA code. I get that it’s important for security, but entering the code each time is annoying. I wish there was a way to mark my device as trusted so it doesn’t keep asking, but that option isn’t available. Do you know any other solutions or workarounds?

Originally Posted by iRexta

I’m trying to find the best two-factor authentication (2FA) method for WHM/cPanel. I know It’s easy to use options like Google Authenticator, Authy, or Duo, but every time I log in, it asks for a 2FA code. I get that it’s important for security, but entering the code each time is annoying. I wish there was a way to mark my device as trusted so it doesn’t keep asking, but that option isn’t available. Do you know any other solutions or workarounds?

Just curious, do you know what the acronym "2FA" stands for? If so, how many Factors do you think your [trusted] device represents?

Passkey support would be nice

The fix for this is actually pretty easy

Step 1: Use 1password
Step 2: Use TOTP / Google 2fa. Generate the 2fa key with 1password
Step 3: Integrate 1password into your browser, on your phone, everywhere

This (kind of) defeats the purpose of 2fa, but not really, because it means that you're still REQUIRING that second factor, it's just integrated into your browser better.

Originally Posted by whmcsguru

The fix for this is actually pretty easy

Step 1: Use 1password
Step 2: Use TOTP / Google 2fa. Generate the 2fa key with 1password
Step 3: Integrate 1password into your browser, on your phone, everywhere

This (kind of) defeats the purpose of 2fa, but not really, because it means that you're still REQUIRING that second factor, it's just integrated into your browser better.

"How to make 2FA, 1FA, in three easy steps".

Originally Posted by porcupine

"How to make 2FA, 1FA, in three easy steps".

Nah, not at all
It's still 2fa
I still have to open up 1password to get the code, beit on my phone, or on my browser (a little easier on the browser)
Without that code, you're still not getting in

It's just as effective, just easier to work with

Originally Posted by whmcsguru

Nah, not at all
It's still 2fa
I still have to open up 1password to get the code, beit on my phone, or on my browser (a little easier on the browser)
Without that code, you're still not getting in

It's just as effective, just easier to work with

I don't use 1password, so wasn't entirely sure, but it sounded like the one app would have access to generate all of the information necessary to proceed, aka 1FA

That was partly based on the assumption it was doing what the @OP wanted, to make 'em not have to independently generate/input a 2FA code (sounds like your method doesn't reduce their workload, as it really shouldn't, heh).

It depends on the implementation and the browser, honestly

1password provides the storage facility for credentials (including TOTP/2fa)
With Edge, I tell 1password to fill in the user/password, and get thrown into the second phase of 2fa.
After filling in the password, 1password comes up again and allows me to fill in 2fa , or I can pop open the extension and copy the code

This is just a better way to handle the workload, honestly. You're still not getting in without that second factor, and just like any password managere, you need to authenticate to actually get into 1password, beit biometrics (iOS, Android) PIN (Win 11) or password (win 10) the first time you boot up, and periodically (depending on settings)

I find it to be a much better way to deal with 2fa, myself.