The client area means money, domains, access. If an attacker gets in — they can delete services, transfer domains, place new orders on credit. 2FA insures against that.
\n
How it works
\n
Besides the password, login asks for a 6-digit code from the app. The code rotates every 30 seconds, can’t be obtained without the phone.
\n
Setup
\n
- Install Google Authenticator, Authy or 1Password on the phone (see separate article)
- Log into cp.navjucloud.tj
- Click your name → Security Settings
- Under Two-Factor Authentication click Enable
- A QR code appears — scan with the phone app
- The app shows a 6-digit code — enter in the client area
- Save the Backup Code in a safe place — that’s your insurance
\n
What if you lose the phone
\n
- On the login page pick Use Backup Code
- Enter the previously saved code
- Immediately re-create 2FA on the new phone
\n
If you also lost the backup code
\n
Only via support ticket + identity confirmation (ID, registration details). This is intentionally hard — otherwise anyone could hijack accounts.
\n
Best practices
\n
- Enable 2FA right after registration
- Store the backup code in a password manager or physically in a safe
- Use Authy/1Password — they have sync, you won’t lose access when changing phones
- 2FA is separate for cPanel and the client area — enable both
