Knowledge Base

How to Enable and Disable Two Factor Authentication

With traditional password authentication, you enter your username and password to access your account. However, this method has vulnerabilities, as passwords can be stolen or guessed.

Two factor authentication adds a second layer of security by requiring not only a password and username but also something unique to you, like a code sent to their phone, a fingerprint, or a security token. So even if someone gets your login details, the second step will prevent them from accessing your account because they can't complete the authentication process.

Keep reading to learn how you can manage the two-step authentication system for your Bluehost account.

Note: We have temporarily disabled 2FA as part of our ongoing security updates. If you would like to turn off 2FA, follow the steps provided in How to Disable Two Factor Authentication below. However, please be aware that you cannot turn 2FA back on once you have turned it off.

How Two Factor Authentication Works

Once you turn on 2FA, you'll need to type in a 6-digit code each time you log in to your BRAND account. You'll get this code via a text message, email, or authentication app. Just enter the code within 5 minutes to finish logging in. Google Authenticator refreshes the code every 30 seconds, but the refresh rate varies per app. Regardless of the refresh rate, each code is valid for 5 minutes.

You'll need to provide an authentication code in three scenarios:

  • When logging in.
  • When enabling or disabling two factor authentication.
  • To verify your identity when seeking assistance from our support teams. In this case, the authentication code is called a validation token.

How to Enable Two Factor Authentication

Two factor authentication can be enabled separately for the main account, billing, and hosting passwords. However, you can only enable it for your password to log in to the account. You can enable the two factor authentication by following these steps:

  1. Log in to your Bluehost Account Manager.
  2. Locate the name of the user in the user in the upper right corner and do the following steps below:
    1. Click the Name of the User (your name).
    2. Please hover your mouse and click My Profile.
      Bluehost My Profile dropdown option
  3. In the Security section, click the ACTIVATE button under the 2 Step Verification section.
    Activate 2FA button
  4. Tick the Box to agree to activate 2-Step Verification for the account, then click the ACTIVATE button.
    Activate 2FA page
  5. Remember to take note of the Recovery Key, where you will always be able to locate it, then click the FINISH button.
    Save Recovery Key button


How to Disable Two Factor Authentication

Turn off 2FA in your account by following these steps:

  1. Log into your Bluehost Account Manager.
  2. Once logged in, locate the person icon in the upper right corner of your homepage and select My Profile from the options.
    Person icon and My Profile option
  3. In the Security section, click the DISABLE link under2 Step Verification.
    DISABLE link under 2 Step Verification
  4. Tick the box to acknowledge that the 2-Step Verification will be disabled for the account, then click the DISABLE button.
    Checkbox to acknowledge the risk of disabling 2-step verification and blue DISABLE button

Frequently Asked Questions

Q: Why do I need to turn on two factor authentication?

A: You don't need to turn on two factor authentication; it's optional. However, it's more common than you realize for a hacker to gain access to your password, so requiring an extra step will protect your account from unauthorized access.

Q: Can I use a different two factor smartphone application to do this?

A: Yes, several authenticator apps can be used for this purpose; Google Authenticator is just one we prefer.

Q: I entered the code but was then redirected to the login screen. What's going on?

A: The code you entered needs to be updated or validated. Individual codes are valid for about 5 minutes, even though Google Authenticator will refresh every 30 seconds. Other apps may refresh at a different rate. Check the app or your email to be sure you're using the most recent code. If you have multiple accounts on the mobile app, make sure you're using the correct account code and that there aren't any spaces.

Q: I'm locked out of my account and can't get a new code. What do I do?

A: This can happen if you've deleted the account from the Google Authenticator app (or the app of your choice), lost your phone, or for various other reasons. But we can help! Please get in touch with our customer service at 888-401-4678 for further assistance.

Q: Will this prevent my websites from being hacked?

A: No. Enabling two factor authentication prevents unauthorized persons from accessing your hosting account. Still, it won't prevent criminals from hacking directly into your website by exploiting vulnerabilities in outdated scripts or plugins.

Q: What else can I do to strengthen my account security?

A:There are many ways that you can keep your account safe. Below are the tips you can follow:

  • Keep your software and scripts up to date.
  • Don't reuse passwords.
  • Don't share your account's password with anyone.
  • Use a password manager.
  • Don't click the links in suspicious or unexpected emails.
  • Be careful of what you download from the internet.
  • Beware of phishing attempts.


For a long time, passwords have been the go-to for logging into digital accounts. But relying solely on passwords isn't enough to keep data safe. Protect your Bluehost account by enabling two factor authentication (2FA). By adding an extra layer of security, 2FA significantly reduces the risk of unauthorized access to your hosting account. Should you ever need to disable it, Bluehost provides straightforward steps to manage your security settings effectively. Take proactive steps to safeguard your data and ensure peace of mind with Bluehost's 2FA feature.

If you need further assistance, feel free to contact us via Chat or Phone:

  • Chat Support - While on our website, you should see a CHAT bubble in the bottom right-hand corner of the page. Click anywhere on the bubble to begin a chat session.
  • Phone Support -
    • US: 888-401-4678
    • International: +1 801-765-9400

You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.

Did you find this article helpful?

* Your feedback is too short