Two-Factor Authentication

Two-factor authentication, also known as 2FA or two-step verification, is an optional feature designed to prevent anyone but you from accessing your hosting account by requiring two forms of identity verification: your password and an authentication code. 2FA is ideal for anyone looking to increase their account security because stealing your password isn't enough for a hacker to access your account. They would also need access to your mobile device or email account, depending on how you set it up.

This article explains everything you need to know about two-factor authentication and how you can use it on your account.



How Does It Work?

Once two-factor authentication is enabled, logging in to your account will work a bit differently. You'll enter your HostMonster username and password as usual, and then you'll be prompted to enter a 2FA authentication code which you'll get from an app on your mobile device or your email. Enter the 6-digit single-use code to complete the login process and access your account. Google Authenticator refreshes the code every 30 seconds, but the refresh rate varies per app. Regardless of the refresh rate, each code is valid for 5 minutes.

You'll be prompted to provide an authentication code in three situations:

  • When a login attempt is made.
  • Upon an attempt to enable or disable two-factor authentication.
  • To validate you're an authorized user on an account when you contact one of our support teams for assistance. In this situation, the authentication code is referred to as a validation token.

Access Two-Factor Authentication

Older Accounts

  1. Log in to your HostMonster account.
  2. Click the Accounts menu at the top of the page.
  3. Click Passwords in the submenu.
  4. Scroll down to Two-Factor Authentication.

Newer Accounts

  1. Log in to your HostMonster account.
  2. Click the accounts icon in the top right-hand corner of the page, then choose the Validation Token option.
  3. Scan the QR Code with the Google Authenticator App.
  4. Click 'here' to complete the setup.

Enable Two-Factor Authentication

Two-factor authentication can be enabled separately for the main account password, the billing password, and each hosting password. However, you can only enable it for the password you used to log in to the account.

Mobile Device Setup

Most users prefer to use an authenticator app (like Google Authenticator) on their mobile device to retrieve the code for 2FA. An authenticator app allows you to access the code at any time, even without internet access. After you've installed an authenticator app, follow the steps below to set up 2FA and link your HostMonster account to your device:

  1. Use the authenticator app to scan the QR code or manually enter the Secret Key to add your HostMonster account to your device.
  2. Enter the 6-digit code displayed in the app and click Verify Token.
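
The sketch below is an added example, not HostMonster's code. It shows how an authenticator app turns the Secret Key into a 6-digit code every 30 seconds, and how a server could accept each code once for 5 minutes, as described under "How Does It Work?". It assumes the codes are standard TOTP (RFC 6238), which is what Google Authenticator generates; the `Verifier` class, the constant names and the sample secret (the RFC 6238 test key) are illustrative.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30        # seconds per code, the Google Authenticator refresh rate
VALIDITY = 300   # the page states each code is valid for 5 minutes
DIGITS = 6
# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def hotp(secret_b32: str, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    # A manually entered Secret Key is base32, often typed spaced or lower-case.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(secret_b32: str, now: float) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second step."""
    return hotp(secret_b32, int(now) // STEP)

class Verifier:
    """Hypothetical server-side check: accept a code for VALIDITY seconds, once."""

    def __init__(self, secret_b32: str):
        self.secret = secret_b32
        self.last_used_step = -1   # newest time step already redeemed

    def verify(self, code: str, now: float) -> bool:
        # Anything that is not exactly six ASCII digits (e.g. contains a space) fails.
        if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
            return False
        current = int(now) // STEP
        oldest = current - VALIDITY // STEP
        # Walk back over the steps still inside the window, skipping any step
        # at or before the last redeemed one so a code cannot be replayed.
        for step in range(current, max(oldest, self.last_used_step), -1):
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.last_used_step = step
                return True
        return False
```

With a 30-second step and a 5-minute validity period, ten consecutive codes are acceptable at any moment, which is why the verifier tracks the last redeemed step and why limiting failed attempts matters on the login form.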

Email Setup

If you'd prefer to receive authentication codes by email, you can set up 2FA to send authentication codes to the email address of your choice. To make your account more secure, we recommend using an email address different from the one listed in the Account Profile.

  1. Access the Two Factor Authentication settings.
  2. Next to "Don't have a smartphone?", click Click Here to be taken to email setup.
  3. Enter your email address and click Update to have a code emailed to you.
  4. Check your email for the authentication code.
  5. Enter the 6-digit code found in the email and click Verify Token.

How to Disable Two-Factor Authentication

You can disable two-factor authentication by following these steps:

  1. Access the Two Factor Authentication settings.
  2. Click Disable Two-Factor Authentication.
  3. Enter the current authentication code and click Disable Two-Factor Auth.

Frequently Asked Questions

Why do I need to enable two-factor authentication?

You don't need to enable two-factor authentication; it's entirely optional. However, it's more common than you realize for a hacker to gain access to your password, so requiring an extra step will protect your account from unauthorized access.

Can I use a different two-factor smartphone application to do this?

Yes, there are several authenticator apps that can be used for this purpose; Google Authenticator is just one we prefer.


I entered the code but then I was redirected to the login screen. What's going on?

The code you entered is outdated or invalid. Individual codes are valid for about 5 minutes, even though Google Authenticator will refresh every 30 seconds and other apps may refresh at a different rate. Check the app or your email to be sure you're using the most recent code. If you have multiple accounts set up on the mobile app, make sure you're using the code for the correct account and that the code you enter doesn't contain any spaces.


I'm locked out of my account and can't get a new code. What do I do?

This can happen if you've deleted the account from Google Authenticator (or the app of your choice), if you lost your phone, or for various other reasons. But we can help! Please contact the Billing Department for further assistance.


Will this prevent my websites from being hacked?

No. Enabling two-factor authentication prevents unauthorized persons from accessing your hosting account, but won't prevent criminals from hacking directly into your website by exploiting vulnerabilities in outdated scripts or plugins.


What else can I do to strengthen my account security?

There are many ways that you can keep your account safe. Here are a few tips:

  • Keep your software and scripts up to date.
  • Don't reuse passwords.
  • Don't share your account’s password with anyone.
  • Use a password manager.
  • Don't click the links in suspicious or unexpected emails.
  • Be careful of what you download from the internet.
  • Beware of phishing attempts.