While strong passwords offer a good foundation for security, they are not impenetrable. A determined attacker with sufficient time and resources can compromise even a complex password through brute-force guessing, phishing, or reuse of credentials leaked from another site.
Two-factor authentication (2FA) adds a crucial second security layer to your Plesk account, dramatically increasing your protection against unauthorized access. This second layer requires something you know (your password) and something you have (your mobile device running an authenticator app).
With multi-factor authentication enabled, an attacker would need both your password and your mobile device (or a copy of the secret it was enrolled with) to gain entry to your account. This significantly reduces the risk of unauthorized access, even if your password is somehow compromised.
Key Terms for Beginners
- MFA (Multi-Factor Authentication): A security method that requires users to provide two or more verification factors to gain access to a resource.
- 2FA (Two-Factor Authentication): A subset of MFA that requires exactly two different verification factors.
- One-Time Password (OTP): An automatically generated code that is valid for only one login or a short time window. Authenticator apps use the time-based variant (TOTP), in which the code is derived from a shared secret and the current time and typically changes every 30 seconds.
- Authenticator App: A mobile application that generates verification codes for 2FA.
- QR Code: A type of barcode that can be quickly scanned by a smartphone camera. In MFA setup it encodes the shared secret (and your account label) that the authenticator app uses to generate codes, so anyone who obtains a copy of it can generate your codes.
- Brute-Force Attack: A method where attackers try many passwords hoping to eventually guess correctly.
Prerequisites
- A Plesk account with administrator privileges
- A smartphone or mobile device capable of running an authenticator app
- A TOTP-compatible authenticator app installed on that device
Step-by-Step Guide to Enabling MFA in Plesk
Step 1: Access Your Plesk Dashboard
- Log into your Plesk Control Panel using your existing credentials.
- Navigate to "My Profile" in the top-right corner of the screen.
- Scroll down until you locate the "Multi-Factor Authentication (MFA)" section.
- Click the link within this section to continue.
Step 2: Enable Multi-Factor Authentication
- On the MFA configuration page, check the box labeled "Enable Multi-factor Authentication".
- A QR code will appear on your screen. It encodes the shared secret needed to link your Plesk account with your authenticator app. If you intend to keep a backup of it (see Best Practices below), save it now and treat it with the same care as a password, since it is only shown during setup.
Step 3: Configure Your Authenticator App
- Open your chosen authenticator app on your mobile device.
- Use the app's "Add Account" or "+" feature to add a new account.
- Select the option to scan a QR code.
- Point your device's camera at the QR code displayed on your Plesk screen.
- After scanning, your authenticator app will display your Plesk server's hostname and a six-digit verification code that changes every 30 seconds.
Step 4: Verify and Complete Setup
- Enter the six-digit verification code from your authenticator app into the verification field in Plesk.
- If the code is correct, MFA is enabled for your account and a fresh code will be required at every subsequent login.
Step 5: Configure the "Remember Device" Feature (Optional)
- If you don't want to enter a verification code each time you log in, you can select the "Enable the 'Remember Device' feature" checkbox.
- Specify the number of days you want your device to be remembered.
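Steps 2 to 4 above, and the Key Terms entries for OTP and QR code, describe the standard time-based one-time password scheme (TOTP, RFC 6238, built on HOTP, RFC 4226) that authenticator apps implement: the QR code encodes an otpauth:// URI carrying a shared secret, the app derives a six-digit code from that secret and the current time, and the server recomputes the code to verify it. The following Python script is an added illustration written for this page, not Plesk's own code. The otpauth URI, hostname and secret are constructed (the secret is the RFC 6238 test key, so the expected codes are the published test vectors), and the one-step clock-skew tolerance in the verifier is an assumption, not a documented Plesk setting.

```python
"""Added example: how an authenticator app (Step 3) and the verifying server
(Step 4) derive and check a six-digit TOTP code. Not Plesk's own code; the
URI, hostname and secret below are constructed for this illustration."""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed otpauth URI of the kind a setup QR code encodes. The hostname is
# made up; the secret is the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_URI = ("otpauth://totp/Plesk:admin@plesk.example.net"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=Plesk&algorithm=SHA1&digits=6&period=30")


def parse_otpauth(uri):
    """Return (label, key_bytes, digits, period) from an otpauth://totp/ URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = parse_qs(u.query)
    secret = q["secret"][0].upper().replace(" ", "")
    # Base32 needs a length that is a multiple of 8; many issuers omit padding.
    secret += "=" * (-len(secret) % 8)
    key = base64.b32decode(secret)
    digits = int(q.get("digits", ["6"])[0])
    period = int(q.get("period", ["30"])[0])
    label = unquote(u.path.lstrip("/"))
    return label, key, digits, period


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic
    truncation to a 31-bit integer, reduced modulo 10**digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key, at_time, period=30, digits=6):
    """RFC 6238: HOTP with counter = floor(unix_time / period). This is what
    the authenticator app computes every `period` seconds."""
    return hotp(key, int(at_time) // period, digits)


def verify_totp(key, code, at_time, period=30, digits=6, skew=1):
    """Server-side check. Accepts the current step and +/- `skew` neighbouring
    steps so phone/server clock drift of a few seconds does not reject a
    legitimate code (skew=1 is an assumption, not a Plesk setting). The
    comparison is constant-time so it leaks nothing about the expected code."""
    step = int(at_time) // period
    for c in range(step - skew, step + skew + 1):
        if hmac.compare_digest(hotp(key, c, digits), code):
            return True
    return False


if __name__ == "__main__":
    label, key, digits, period = parse_otpauth(SAMPLE_URI)
    now = time.time()
    code = totp(key, now, period, digits)
    print(f"{label}: {code} (valid for about {period - int(now) % period}s)")
    print("server accepts:", verify_totp(key, code, now, period, digits))
```

Run it to print the current code for the constructed secret and confirm the verifier accepts it. Two practical points follow from the code: whoever holds the secret (that is, the QR code) can generate every future code, which is why a backup QR code must be stored like a password; and a six-digit code has only one million possible values, so the server side must rate-limit or lock out after a few failed attempts, a control this snippet deliberately leaves out.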
Managing Your MFA Settings
How the "Remember Device" Feature Works
- When enabled, Plesk stores a token in your browser (as a cookie) for the specified number of days.
- During this period, you will not need to enter verification codes when logging in from the same device and browser.
- The token stops working when the specified time period elapses or when you clear your browser's cookies.
- The token is tied to that browser on that device; it does not carry over to a different browser or device, each of which must be remembered separately.
- When logging in from a new device, you'll always be prompted for a verification code, with an option to remember the new device.
Changing Your Authenticator Device
If you need to use a new mobile device or authenticator app:
- Log in to Plesk using your current authentication method.
- Navigate to "My Profile" and the MFA section.
- Disable multi-factor authentication temporarily. While it is disabled your account is protected by its password alone, so complete the next step immediately and do not leave the account in this state.
- Follow the steps above to re-enable MFA, scanning the new QR code with your new device.
If you still have access to your old device, keep it until you have confirmed a successful login with the new one.
Troubleshooting and Account Recovery
If you lose access to your authentication device (for example, a lost or replaced phone) and have no other enrolled authenticator:
- If you saved the QR code backup as recommended under Best Practices below, you can scan it on a new device to restore the same authenticator and keep logging in.
- If you didn't save the QR code, you'll need to submit an account recovery request through our support system.
- For security purposes, you'll need to provide detailed verification information to confirm your identity.
- Once your identity is confirmed, our support team can disable MFA on your account, allowing you to regain access and set up a new authentication method.
Best Practices for MFA Security
- Use a reliable authenticator app - Choose well-established apps with regular security updates.
- Secure your backup QR code - If you save the QR code, store it securely in an encrypted file or password manager.
- Keep your mobile device secure - Use biometric protection and screen locks on your authentication device.
- Don't enable "Remember Device" on shared computers - Only use this feature on personal, secured devices.
- Update your authenticator app regularly - This ensures you have the latest security features and bug fixes.
- Consider using an authenticator with cloud backup - Apps like Authy can sync your authenticator secrets across devices, preventing lockouts due to a lost phone. Be aware that the secrets then also live in the provider's cloud, protected by that account's credentials, so secure that account with a strong password and its own MFA.
Implementing Multi-Factor Authentication for your Plesk account significantly enhances your security posture. While it adds an additional step to the login process, the security benefits far outweigh this minimal inconvenience. By requiring both your password and a time-sensitive verification code, MFA effectively protects your Plesk account from unauthorized access, even if your password is compromised.
We strongly recommend that all users, especially those with administrative access to important servers or websites, enable this critical security feature.