Securing your Account: Enabling 2FA via the Security Tab

While cpanel.hovixa.com and vm.hovixa.com have their own security layers, the Hovixa Client Portal is the master administrative layer that controls your billing, support tickets, and service access. Enabling Two-Factor Authentication (2FA) here is the single most effective way to prevent unauthorized actors from taking control of your entire hosting infrastructure.

1. Preparation

Hovixa uses the Time-based One-Time Password (TOTP) algorithm. Before enabling 2FA, ensure you have a compatible authenticator app installed on your mobile device (e.g., Google Authenticator, Authy, or Microsoft Authenticator).

2. Enabling 2FA in the Client Portal

1. Log in to the Hovixa Client Portal.
2. In the account management sidebar or the user dropdown menu, select Security Settings.
3. Locate the Two-Factor Authentication section.
4. Click the Click here to Enable button.
5. A modal will appear. Select Authenticator App as your 2FA method and click Get Started.

3. Synchronization and Verification

1. Open your authenticator app on your mobile device and select Scan QR Code.
2. Scan the QR code displayed on your screen.
3. Once the account "Hovixa" appears in your app, enter the 6-digit code currently displayed into the Verification Code field in the portal.
4. Click Confirm.

4. Recovery Codes (Critical)

Upon successful activation, the system will generate a Backup Recovery Code. This code is the only way to access your account if you lose your phone or delete the authenticator app.

• Store it offline: Print the code or write it down.
• Do not store it on the same device: Storing a recovery code on the phone it is meant to bypass creates a single point of failure.
• One-time use: These codes are typically consumed upon use. If you use one, generate a new set immediately.

5. Technical Implementation Details

• Session Termination: Enabling 2FA will not log out your current session, but it will be required for all subsequent login attempts.
• Sub-Accounts: If you have invited developers or team members as sub-accounts, they must enable 2FA on their own profiles individually. Your 2FA status does not "trickle down" to sub-users.
• Clock Drift: If the portal rejects your 6-digit code, ensure your phone's time is set to "Automatic." A discrepancy of even 30 seconds between the server clock and your device clock will cause authentication failure.

Security Note: Hovixa staff will never ask for your 2FA code or your password. If someone claiming to be support requests this information, do not provide it and report the incident immediately.