Two-factor authentication for VPS hosting management Skip to main content
Sign up free! Already a user? Log in

Two-factor authentication for VPS hosting and server management

By ServerPoint's Team ·

Your Client Portal account controls everything: virtual servers, dedicated servers, WordPress installations, domain registrations, DNS settings, and billing. If someone gains unauthorized access to that account, the damage potential is significant. They could delete servers, change passwords, modify DNS, or access billing information.

That’s why we’ve added two-factor authentication (2FA) to the Client Portal.

Why passwords alone aren’t enough

Password breaches are extremely common. Large-scale data breaches regularly expose millions of username/password combinations, and many people reuse passwords across services. Credential stuffing attacks (where attackers try leaked passwords from other sites against your accounts) are automated and constant.

Even a strong, unique password can be compromised through phishing, keyloggers, or shoulder surfing. Two-factor authentication adds a second requirement: something you have (your phone), in addition to something you know (your password). Even if an attacker gets your password, they can’t log in without your phone.

How our 2FA works

When 2FA is enabled, logging into the Client Portal requires:

  1. Your email and password (as usual)
  2. A 6-digit code sent to your phone via SMS

The code expires after a short time, so even if someone intercepts it, they have a very narrow window to use it.

How to set it up

Log into the Client Portal, go to the top-right “Account” menu, and open your profile. Add your mobile number and optionally a backup number. We’ll send a verification code to confirm the number works. After that, every login will require the SMS code.

Setup takes about two minutes, and you only need to do it once.

Who should enable 2FA

Everyone. But especially:

  • Hosting resellers: If you manage VPS hosting for clients, your portal account controls their infrastructure. Protect it.
  • Business accounts: If your company’s production servers run on our dedicated servers or VPS, unauthorized access could take your business offline.
  • Anyone managing DNS: DNS changes can redirect your website traffic to an attacker’s server. 2FA on your portal account prevents unauthorized DNS modifications.

Questions

If you have questions about 2FA or need help setting it up, open a ticket with our support team.

Product updates #general
Back to all posts