Skip to main content

Set up two-factor authentication (2FA) in the portal

Published on July 10, 2026 7 min read

Set up two-factor authentication (2FA) in the LJPc customer portal, step by step: use an authenticator app, save your backup codes and add a passkey.

Illustration of a person logging in with two-factor authentication: a phone with a security shield, a physical security key and an orange checkmark.

Set up two-factor authentication (2FA) and you add one of the simplest, strongest layers of protection to your hosting account. On top of your password, the customer portal then asks for a second proof that it is really you, such as a code from an app on your phone or a fingerprint. This article explains what 2FA is, why it matters and how to turn it on step by step with an authenticator app, backup codes and passkeys.

What is two-factor authentication (2FA)?

Two-factor authentication, often shortened to 2FA, means you provide two different proofs when you log in instead of one. The first is something you know: your password. The second is something you have: usually your phone with an authenticator app, or a physical key. You only get access once both are correct.

The idea is simple. A password can leak or be guessed, but an attacker does not have your second factor. Without your phone or key, someone with only your password still cannot get in.

Why 2FA matters for your hosting account

Your hosting account is the key to your websites, domains, email and invoices. If someone gets in, they can take your site offline, intercept email or try to move a domain away. That is exactly why an extra lock on this account is so valuable.

Passwords leak more often than you would think. Data breaches spill millions of email and password combinations, and many people reuse the same password in several places. Attackers feed those leaked passwords into all sorts of services automatically. With 2FA, such an attempt stalls at the second step, even when your password is already known.

2FA is one of the building blocks of a secure setup, alongside a valid SSL certificate and solid HTTP security headers. Together they keep both your account and your visitors better protected.

Which methods does the customer portal support?

The customer portal at LJPc hosting offers two kinds of second factor, plus a safety net:

  • Authenticator app (TOTP): an app on your phone shows a new 6-digit code every 30 seconds. Think of Google Authenticator, Authy or Microsoft Authenticator.
  • Passkeys and hardware keys (WebAuthn): you log in with Touch ID, Face ID, Windows Hello or a physical key such as a YubiKey. There is nothing to type over.
  • Backup codes: ten single-use codes you fall back on when your phone is not to hand.

You do not have to choose: an authenticator app and a passkey are separate features. You can work with just an app, add only a passkey, or set up both for extra peace of mind.

Set up two-factor authentication with an authenticator app

An authenticator app is the best-known method and works on any phone. Do not have an app yet? Install one first from your phone's app store. Then follow these steps:

  1. Log in to the customer portal with your email address and password.
  2. Go to My account (top right in the portal) and open the Security tab.
  3. On the Two-factor authentication (2FA) card, click Enable 2FA.
  4. Scan the QR code that appears with your authenticator app. If scanning does not work, type the Manual setup key into your app instead.
  5. Your app now shows a 6-digit code. Enter it under Verification code and click Verify.
  6. If the code is correct, the status flips to Active and you immediately see your backup codes. Save them before you continue (see below).

From now on, the portal asks for the code from your app after your password. On that screen, Two-factor authentication, you enter the 6-digit code and click Verify. The code refreshes every 30 seconds, so always use the one showing in your app at that moment.

Which authenticator app can you use?

The portal uses the standard for time-based codes (TOTP), so almost any authenticator app works. Popular choices are Google Authenticator, Microsoft Authenticator and Authy, but password managers such as 1Password and Bitwarden can generate these codes too. Ideally, pick an app with an encrypted backup or sync. That way you do not lose your codes when you switch to a new phone.

Backup codes: your safety net if you lose your phone

When you enable 2FA, you are shown ten backup codes in the form XXXXX-XXXXX. Each code works exactly once. They exist for the moment you lose your phone or cannot open your authenticator app.

Important: you see these codes only once. Save them straight away somewhere safe, for example in a password manager, or print them and keep them in a secure spot. If you cannot reach your app, click the hint on the login screen, No access to your app? Enter one of your backup codes, and type an unused code.

On the Security tab you can see how many codes you have left, for example 10 of 10 left. If they run out or you lose them, create a New set. Note that your old codes expire immediately and you are shown ten new codes, once again on a one-time basis.

Passkeys and hardware keys as an alternative

Would you rather not type codes at all? Then add a passkey. A passkey is a modern, passwordless login method based on the WebAuthn standard. Instead of a code, you confirm the login with Touch ID, Face ID, Windows Hello or a hardware key such as a YubiKey.

Passkeys are extra secure because they are tied to the portal domain. They only work on the real portal site, so phishing through a fake site cannot succeed. Go to the Security tab, click Add passkey under Passkeys, give your passkey a name you will recognise, for example "MacBook Touch ID", and follow the prompt from your device or browser. You may add several passkeys, for example one per device.

Once you have set up a passkey, you can choose Sign in with a passkey on the login page and log in without a password. If your browser does not support passkeys yet, the authenticator app stays available as usual.

How to disable 2FA

Want to switch two-factor authentication off for a while? Go to My account and the Security tab, enter your account password on the 2FA card and click Disable 2FA. For security reasons the portal asks for your password here, not a code.

Keep in mind that your backup codes expire as soon as you disable 2FA. If you turn 2FA back on later, you receive a fresh set of codes. We recommend only disabling 2FA when you really need to, and setting it up again straight afterwards.

Stuck? Create a support ticket or get in touch with support and we will help you further. Want to know more about managing your account? Read how to manage your hosting account and invoices.

Frequently asked questions

What should I do if I lose my phone?

Use one of your backup codes to log in anyway. Then go to the Security tab and set up 2FA again on your new phone, or switch it off and back on. If you have no backup codes left and no access to your app or passkey, contact support so we can restore your account safely.

Does every authenticator app work with the customer portal?

Yes. The portal uses the standard TOTP method (RFC 6238), so apps such as Google Authenticator, Microsoft Authenticator, Authy, 1Password and Bitwarden all work. You are free to choose whichever app you like.

What is the difference between a passkey and an authenticator app?

An authenticator app gives you a 6-digit code that you type in when logging in. A passkey uses a cryptographic key on your device: you confirm with your fingerprint, face or PIN and type nothing over. Passkeys are also tied to the portal domain, which makes them highly resistant to phishing.

Do I need to set up both an app and a passkey?

No, one second factor is enough. An authenticator app or a passkey both protect your account well. You may combine them for extra security, but that is not required.

I get a message that my verification code is wrong, even though I enter the correct code.

This is nearly always down to a time difference. A TOTP code is valid for only 30 seconds, and your app and our server need to use the same time. Set the time on your phone to automatic, wait for a fresh code and try again.

Is two-factor authentication mandatory at LJPc hosting?

No, 2FA is optional, but we strongly recommend it for everyone. It is one of the most effective ways to stop someone getting into your hosting account with just your password. You can set it up in a few minutes.

Prefer to talk to someone?

We are also happy to answer your questions personally. Schedule a free consultation or call us directly. We are glad to think along with you.

Stay up to date with recent developments! Subscribe and receive our newsletter Signing up... Thank you for subscribing! Something went wrong. Please try again later.