Two-Factor Authentication | Bluehost Support

Two-Factor Authentication

Bluehost's two-factor authentication, also known as 2FA, is an optional feature that prevents anyone but you from accessing your hosting account by requiring two forms of identity verification: your password and an authentication code. 2FA is ideal for anyone looking to increase their account security because stealing your password isn't enough for hackers to access your account. Depending on your setup, they also need access to your mobile device or email account.

This article covers everything you need to know about two-factor authentication and how to use it on your account.

Note: This article explains the split experience between the Rock and Account Manager platforms when setting up two-factor authentication. Please see Account Manager vs Rock to learn more.



How Does It Work?

Once two-factor authentication is enabled, logging in to your account will work differently, both for Rock customers and for customers already migrated to the new Bluehost Account Manager interface. You'll enter your Bluehost username and password as usual. Then you'll be prompted to enter a 2FA authentication code that you'll get from an app on your mobile device, your email, or your phone number. Enter the 6-digit single-use code to complete the login and access your account. Google Authenticator refreshes the code every 30 seconds, but the refresh rate varies per app. Regardless of the refresh rate, each code is valid for 5 minutes.

You'll be prompted to provide an authentication code in three situations: 

  • When a login attempt is made 
  • Upon an attempt to enable or disable two-factor authentication 
  • To validate you're an authorized user on an account when you contact one of our support teams for assistance (In this situation, the authentication code is referred to as a validation token)

Enable Two-Factor Authentication

Two-factor authentication can be enabled separately for the main account, billing, and hosting passwords. However, you can only enable it for your password to log in to the account. You can enable the two-factor authentication by following these steps:

Bluerock

Mobile Device Setup

Most users prefer to use an authenticator app (like Google Authenticator) on their mobile devices to retrieve the code for 2FA. An authenticator app allows you to access the code anytime, even without internet access. After you've installed an authenticator app, follow the steps below to set up 2FA and link your Bluehost account to your device:

  1. Log in to your Bluehost control panel.
  2. Click the Accounts menu at the top of the page.
  3. Click Security in the submenu.
  4. Scroll down to Two-Factor Authentication.
  5. Use the authenticator app to scan the QR code or manually enter the Secret Key to add your Bluehost account to your device.
  6. Enter the 6-digit code displayed in the app and click Verify Token.
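
The app-based flow described under "How Does It Work?" and the Secret Key step above, as an added example that is not Bluehost's code: it assumes the standard RFC 6238 TOTP scheme that Google Authenticator implements, models the five-minute validity as ten 30-second steps, and adds a single-use check. The key is the published RFC 6238 test key, not a Bluehost value.

```python
import base64, hashlib, hmac, struct

STEP = 30                  # seconds between codes (Google Authenticator, per the article)
DIGITS = 6                 # code length per the article
WINDOW = 300 // STEP       # "valid for 5 minutes" modelled as 10 steps (assumption)
# RFC 6238 test key in base32; a published test value, not a Bluehost Secret Key.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_secret(secret_b32):
    """Decode a Secret Key typed by hand: spaces, lower case, missing padding."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def hotp(key, counter):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(secret_b32, now):
    """Code an authenticator app would display at Unix time `now`."""
    return hotp(decode_secret(secret_b32), int(now) // STEP)

class Verifier:
    """Server side: accept a code for WINDOW steps after issue, and only once."""
    def __init__(self, secret_b32):
        self.key = decode_secret(secret_b32)
        self.last_used = -1            # newest counter already accepted

    def verify(self, code, now):
        code = code.replace(" ", "").encode()
        current = int(now) // STEP
        for counter in range(current, current - WINDOW, -1):
            if counter <= self.last_used:
                break                  # this code or a newer one was already used
            if hmac.compare_digest(hotp(self.key, counter).encode(), code):
                self.last_used = counter
                return True
        return False

if __name__ == "__main__":
    v = Verifier(SAMPLE_SECRET)
    code = totp(SAMPLE_SECRET, 59)
    print(code, v.verify(code, 200), v.verify(code, 201))
```

A longer validity period means more codes are acceptable at any moment, which is why the sketch refuses a code once it, or a newer one, has been used.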

Email Setup

If you'd prefer to receive authentication codes by email, you can set up 2FA to send them to the email address of your choice. To make your account more secure, we recommend using an email address different from the one listed in the Account Profile.

  1. Log in to your Bluehost control panel.
  2. Click the Accounts menu at the top of the page.
  3. Click Security in the submenu.
  4. Scroll down to Two-Factor Authentication.
  5. Next to "Don't have a smartphone?", click Click Here to be taken to email setup.
  6. Enter your email address and click the Update button to have a code emailed to you.
  7. Check your email for the authentication code.
  8. Enter the 6-digit code found in the email and click Verify Token.

Account Manager

You can enable the two-factor authentication in Account Manager by following these steps:
  1. Log in to your account. 
  2. Locate the name of the user in the upper right corner and do the following:
    1. Click the Name of the User (your name). 
    2. Please hover your mouse and click My Profile.
  3. In the Security section, click the ACTIVATE button under the 2 Step Verification section. 
  4. Tick the Box to agree to activate 2-Step Verification for the account, then click the ACTIVATE button.
  5. Take note of the Recovery Key and keep it where you will always be able to locate it, then click the FINISH button.


How to Disable Two-factor Authentication

You can disable two-factor authentication by following these steps:

Bluerock

  1. Log in to your Bluehost control panel.
  2. Click the Accounts menu at the top of the page.
  3. Click Security in the submenu.
  4. Scroll down to Two-Factor Authentication.
  5. Click Disable Two-Factor Authentication.
  6. Enter the current authentication code and click Disable Two-Factor Auth.

Account Manager

You can disable the two-factor authentication in Account Manager by following these steps:
  1. Log in to your account. 
  2. Locate the name of the user in the upper right corner and do the following: 
    • Click the Name of the User (your name). 
    • Hover your mouse and click My Profile.
  3. Click the DISABLE button under the 2 Step Verification section in the Security section. 
  4. Tick the Box to acknowledge that the 2-Step Verification will be disabled for the account, then click the DISABLE button.

Frequently Asked Questions

Q: Why do I need to enable two-factor authentication?

A: You don't need to enable two-factor authentication; it's optional. However, it's more common than you realize for a hacker to gain access to your password, so requiring an extra step will protect your account from unauthorized access. 

Q: Can I use a different two-factor smartphone application to do this?

A: Yes, several authenticator apps can be used for this purpose; Google Authenticator is just one we prefer.  

Q: I entered the code but was then redirected to the login screen. What's going on?

A: The code you entered needs to be updated or validated. Individual codes are valid for about 5 minutes, even though Google Authenticator will refresh every 30 seconds. Other apps may refresh at a different rate. Check the app or your email to be sure you're using the most recent code. If you have multiple accounts on the mobile app, make sure you're using the correct account code and that there aren't any spaces. 

Q: I'm locked out of my account and can't get a new code. What do I do?

A: This can happen if you've deleted the account from the Google Authenticator app (or the app of your choice), lost your phone, or for various other reasons. But we can help! Please get in touch with our customer service at 888-401-4678 for further assistance. 

Q: Will this prevent my websites from being hacked?

A: No. Enabling two-factor authentication prevents unauthorized persons from accessing your hosting account. Still, it won't prevent criminals from hacking directly into your website by exploiting vulnerabilities in outdated scripts or plugins.

Q: What else can I do to strengthen my account security?

A: There are many ways that you can keep your account safe. Below are the tips you can follow:

  • Keep your software and scripts up to date.
  • Don't reuse passwords.
  • Don't share your account's password with anyone.
  • Use a password manager.
  • Don't click the links in suspicious or unexpected emails.
  • Be careful of what you download from the internet.
  • Beware of phishing attempts.

If you need further assistance, feel free to contact us via Chat or Phone:

  • Chat Support - While on our website, you should see a CHAT bubble in the bottom right-hand corner of the page. Click anywhere on the bubble to begin a chat session.
  • Phone Support -
    • US: 888-401-4678
    • International: +1 801-765-9400

You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.