Paper Lantern for cPanel accounts is being retired this year. Find out more »
cPanel & WHM Version 102 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Mailbox/FTP App Password or MFA

Petru Tiglar shared this idea 3 years ago
Open Discussion

As a cPanel User I would like the ability to create app passwords for mailbox users accounts so that the accounts are more secure.


Currently there is no way to create an app pass for mailbox user accounts. Although you can setupp MFA for the webmail portal, a compromised email account can still be accessed via an application such as Outlook. This is what I believe to be a security flaw. The same thing applies to FTP applications. Enabling 2FA on the web portal is pointless when you can login via FTP without any Two Factor Authentication.

An app password would work by generating a unique password designed only for application use. This password can be used to connect mailboxes to Outlook and will expire after 24 Hours. Once the app pass expires the account will still be linked or "Allowed" on outlook. You'd just need to generate a new app password when setting up the email on another device. Outlook already supports Oauth2, I believe Filezilla does too. There is just no ability to generate an App Password via cPanel.

Leave a Comment
Attach a file