Skip to main content

Securing Your Account with Two-Factor Authentication

Passwords can be guessed, phished, or leaked in data breaches. Two-Factor Authentication (2FA) solves this by requiring a second proof of identity — a time-based code from your phone — every time you log in. Even if someone steals your password, they still cannot get into your account without that code. Think of it like this: your password is the key to your front door, and 2FA is the deadbolt. Both need to be unlocked to get in.

Difficulty

Beginner

Time

5 Minutes

What You Will Need

Before you start, download an authenticator app on your phone. Any TOTP (Time-based One-Time Password) app will work. Here are the most popular options:
AppPlatformNotes
Google AuthenticatoriOS, AndroidSimple, no account needed, free
AuthyiOS, Android, DesktopSupports cloud backup and multi-device sync
Microsoft AuthenticatoriOS, AndroidGood if you already use Microsoft services
1PasswordiOS, Android, DesktopBuilt into the password manager
BitwardeniOS, Android, DesktopBuilt into the free password manager
If you are not sure which to pick: Google Authenticator is the simplest choice, while Authy is the safest if you worry about losing your phone since it can back up your codes to the cloud.

Enabling Two-Factor Authentication

1

Navigate to Account Settings

Click on Account in the top navigation bar of the control panel.
2

Open the Two-Factor Authentication Tab

Click on the Two-factor Authentication tab in the account settings navigation.
3

Begin Activation

If 2FA is not yet enabled, you will see an option to activate it. Click the Activate button to begin the setup process.
4

Scan the QR Code with Your Authenticator App

A QR code will appear on screen. Open your authenticator app and scan it:
  • Google Authenticator: Tap the + button, then Scan a QR code
  • Authy: Tap Add Account, then Scan QR Code
  • Microsoft Authenticator: Tap +, choose Other account, then scan
  • 1Password / Bitwarden: Edit the login entry for FREAKHOSTING and add a one-time password field, then scan
Once scanned, your app will show an entry labeled something like FREAKHOSTING or cloud.freakhosting.com with a 6-digit code that refreshes every 30 seconds.Can’t scan the QR code? Most setup screens also provide a manual entry key — a long text string you can type into your authenticator app instead of scanning.
5

Enter the Verification Code

Your authenticator app is now generating 6-digit codes that change every 30 seconds. Type the current code into the verification field on screen and confirm. This proves the link between your account and your app is working correctly.Tip: If the code does not work, wait for the next one. Codes expire quickly, and if you type one right as it is about to change, it may be rejected.
6

Save Your Backup Codes Immediately

After activation, you will be given a set of one-time backup codes. These are your emergency access method if you ever lose your phone or cannot open your authenticator app.Do this right now:
  • Copy them to your password manager
  • Print them and store the paper in a safe place
  • Save them in an encrypted file
Do not store them in an unprotected note on your phone (the same device with your authenticator app — if you lose the phone, you lose both).

Managing Backup Codes

Backup codes are one-time-use codes that let you log in when your authenticator app is unavailable — dead phone, lost device, factory reset, you name it. Here is how they work after 2FA is enabled:
  • Click the Backup codes button on the Two-factor Authentication page to view or regenerate your codes.
  • Each backup code can only be used once. After you use one, it is permanently crossed off the list.
  • If you are running low on codes (or if you suspect someone else has seen them), regenerate a new set immediately. This invalidates all previous codes.
Pro tip: Keep a count of how many backup codes you have left. If you are down to your last one or two, regenerate a fresh batch before you actually need them in an emergency.

Managing Trusted Devices

Typing a 2FA code every single time you log in from your home computer can get tedious. When you log in with 2FA, you may have the option to trust the device so that particular browser skips the 2FA prompt for a set number of days. The Two-factor Authentication page shows a Trusted Devices table with details about each device you have marked as trusted:
ColumnDescription
DeviceThe type of device (e.g., Apple Mac, Apple iPhone, Windows PC)
OSThe operating system and version
BrowserThe browser name and version used
IP AddressThe IP address from which the device last connected
Last UsedHow recently the trusted device was used to log in
ExpiresThe number of days remaining before trust expires and 2FA is required again

Reviewing and Removing Trusted Devices

  • To remove a single trusted device, click the Remove button next to that specific device entry.
  • To remove all trusted devices at once, click the Remove All button. This forces 2FA verification on the next login from every device.
Make it a habit to glance at your trusted devices list every few weeks. If you spot a device you do not recognize — an unfamiliar IP address, browser, or operating system — remove it immediately, change your password, and regenerate your backup codes as a precaution.

Deactivating Two-Factor Authentication

If you need to disable 2FA temporarily (for example, when switching to a new phone or a different authenticator app):
1

Navigate to the Two-Factor Authentication Tab

Go to Account > Two-factor Authentication.
2

Click Deactivate

Click the Deactivate button. You may be prompted to confirm your decision.
3

Re-Enable on Your New Device

After deactivating, set up 2FA again immediately by following the activation steps above with your new authenticator app. The window where 2FA is disabled is a window of reduced security — keep it as short as possible.
Any app that supports the TOTP (Time-based One-Time Password) standard will work. This includes Google Authenticator, Authy, Microsoft Authenticator, 1Password, Bitwarden, and many others. Hardware keys like YubiKey with TOTP support also work.
Use one of your saved backup codes to log in. Each backup code works once. If you have no backup codes remaining, contact FREAKHOSTING support — they will verify your identity through alternative means and help you regain access.
Absolutely. Most authenticator apps support unlimited accounts. Each one shows as a separate entry with its own 6-digit code. Just make sure you label them clearly so you do not mix up which code goes where.
TOTP codes are time-sensitive — they change every 30 seconds. If your phone’s clock is off by even a minute, the codes will not match. Make sure your phone’s time is set to automatic (synced with network time). On iPhone, go to Settings > General > Date & Time > Set Automatically. On Android, go to Settings > System > Date & Time > Set time automatically.
The cleanest approach is to deactivate 2FA on your account, then re-activate it and scan the new QR code with your new phone. If you use Authy, it has built-in multi-device support that can sync your tokens to a new device automatically. Google Authenticator also supports account transfers between devices through its export feature.

Need Extra Help?

If you encounter any issues, our support team is ready to assist:

Save on Your Hosting

Ready to get a new server? Use code KB20 at checkout for 20% off your first month!
Last Updated: March 2026 | VPS Support: Two-factor authentication simplified.