To enhance the security of your web hosting account, users can optionally enable Two-Step Authentication (2FA) as an additional safety precaution when logging into the DirectAdmin web control panel.

In order to use Two-Step Authentication you need to download the Google Authenticator App for your phone (or equivalent), and scan in the QR code.

Before you begin, please confirm your mobile device system clock is in sync.

1. Please install Google Authenticator in your mobile device
• Android users can download Google Authenticator from the Google Play Store
• iOS users can download Google Authenticator from the Apple App Store
2. Login to DirectAdmin and click Advanced Features > Two-Step Authentication
3. Optional: Users of the "Enhanced" theme for DirectAdmin can click on the Password link. In the Password page click Two – Step Authentication
4. Click Generate Secret, the system will generate a QR code
5. Now, please turn on your Google Authenticator and tap on the red + icon
6. Scan the QR Code
7. Go back to the DirectAdmin control panel from where you can test whether your code is valid or not
8. If the QR code is valid, you can enable “Two-Step Authentication” by placing a checkmark at "Require valid Two-Step Authentication code to login"
9. Set API permissions if required and enable failed login notifications
10. Click Save

Scratch Codes

You can also add Scratch Codes that can be used in case of emergency when you don't have access to your phone. Press the Add Codes button to generate the scratch codes.

You will have to choose an expiry date for the scratch codes. Enter a desired expiration date and press the Add Codes button again. A table of generated codes will appear. Write them down or print them by pressing the Print button.

Notes:

• Screen captures of QR codes, kept in a safe place can be useful in case you lose your mobile device. You can use another device to complete the same procedure to recover access to your account.
• The code will be updated once every minute approximately
• Ensure that the system time of your mobile device is in sync. Google authenticator uses system time and QR codes to generate your one-time code

For Google Authenticator installation, please refer to https://support.google.com/accounts/answer/1066447?hl=en