What to do when you have lost your device or app and have no backup codes stored.
User with API or WHMCS environment connected
What to do when multiple employees use the same credentials or do not own a mobile phone?
Two-factor authentication (2FA) adds an extra layer of security by requiring both a password and a second verification method (like a phone or authentication app) to access an account.
While we’ve offered two-factor authentication (2FA) for years, it will become mandatory for all accounts starting October 28th 2025 to ensure stronger protection against unauthorized access.
How to set up 2FA
You can set up Two-factor authentication via your control panel, section Account > Security > Two-factor authentication. You will be setting up the Two-factor authentication for the user you are currently logged in as.
Just follow the steps on the screen to set up Two-factor authentication. Scan the QR code using an authentication app like Google Authenticator, Authy, Microsoft Authenticator. If you don't have one, download it from the App Store or Google Play.
Backup codes
Once you have successfully set up the 2FA, backup codes will be shown.
Important: These codes are only shown once!
You will need these backup codes in case you have lost your 2FA configuration or device and want to log in. Without the 2FA code or the backup code, you can not directly log in to your account anymore.
Click on download to download the list of codes.
What to do when you have lost your device or app and have no backup codes stored.
Please contact the admin user of your account.
They can file an email to support department from their registered e-mail address, requesting a code reset. Please note that this will be manually reviewed and verified and might take a few hours before processed. Therefore we recommend to store your backup codes in a convenient and safe place in order to avoid any interruptions so your activities can continue smoothly.
User with API or WHMCS environment connected
2FA will only be asked when you access the control panel via the website interface (RCP). It will not cause any connection issues when you use the same user for your API or API based environment like WHMCS etc.
What to do when multiple employees use the same credentials or do not own a mobile phone?
We would recommend that every employee has his own user account and credentials. This will increase the security and will help identify specific user actions. New users can be added via the Control Panel by the Admin user.
In case a user does not have a mobile phone or multiple employees share a set of credentials, we would recommend to use a password manager (for example "Bitwarden"), which can help manage the 2FA code, which can be accessed by multiple employees from different locations.
