Securing Your Account: Password and Two-Factor Authentication
Your KPanel account controls access to your sites, domains, billing, and backups. This guide covers every security measure you should have in place.
Password Best Practices
A strong, unique password is the first line of defence for your account.
Requirements: KPanel requires a minimum password length and will reject commonly used passwords. The specific minimum is shown during the password change flow.
Best practices:
- Use a password of at least 16 characters.
- Do not reuse a password from any other service. If a data breach exposes one account, reused passwords expose all of them.
- Use a password manager (such as 1Password, Bitwarden, or the one built into your browser) to generate and store a unique password for KPanel.
- Never share your password with anyone, including Kapsule Support. Support staff will never ask for your password.
Changing Your Password
- Log in to KPanel at kpanel.kapsulecloud.com.
- Click your account name or avatar in the top-right corner.
- Select Account Settings or Profile.
- Click Change Password.
- Enter your current password, then your new password twice to confirm.
- Click Save.
Your session remains active after a password change. Other active sessions are not automatically ended, but you can end them manually (see Session Management below).
Resetting a Forgotten Password
If you cannot log in because you have forgotten your password:
- Go to kpanel.kapsulecloud.com.
- Click Forgot your password? on the login page.
- Enter the email address associated with your account.
- Check your inbox for a password reset email. If it does not arrive within a few minutes, check your spam folder.
- Click the link in the email. Reset links are valid for 1 hour.
- Enter your new password and confirm it.
If you no longer have access to the email address on your account, contact support at support@kapsulecloud.com. You will be asked to verify your identity before access is restored.

Two-Factor Authentication (2FA)
Two-factor authentication adds a second verification step to your login. Even if someone obtains your password, they cannot log in without also having access to your 2FA device.
What It Is
After entering your password, you will be asked for a 6-digit code from an authenticator app on your phone or computer. This code changes every 30 seconds and can only be generated by the device you set up during enrollment.
Why You Should Enable It
Enable 2FA immediately after setting up your account. It is the single most effective step you can take to protect your account. Account takeovers almost always succeed because a password was reused or phished. 2FA stops them.
Supported Authenticator Apps
KPanel uses the standard TOTP (Time-based One-Time Password) protocol. Any TOTP-compatible app will work, including:
- Google Authenticator (iOS, Android)
- Authy (iOS, Android, Desktop)
- 1Password (built-in authenticator)
- Bitwarden Authenticator
- Apple Passwords (iOS 18+ / macOS Sequoia+)
- Microsoft Authenticator
You do not need a specific app. If you already use a password manager with TOTP support, use that.
Setting Up 2FA in KPanel
- Log in to KPanel.
- Click your account name or avatar in the top-right corner.
- Select Account Settings or Security.
- Click Enable 2FA.
- Open your authenticator app and scan the QR code shown on screen. Alternatively, click Can't scan the code? to get a setup key you can enter manually.
- Enter the 6-digit code from your authenticator app to confirm the setup worked.
- Click Enable.
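How an authenticator app turns the QR code or setup key into the 6-digit code, as an added example (not KPanel's own code), following the standard TOTP algorithm (RFC 6238) with HMAC-SHA1, 6 digits and a 30-second step. The otpauth:// URI, its label and the secret are constructed sample values, and the one-step clock-drift window in verify() is an assumption about how a server might check codes.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs

# Constructed sample of what a setup QR code encodes; the secret is the
# RFC 6238 test key, not a real account secret.
SAMPLE_URI = ("otpauth://totp/Example:user@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def parse_setup_uri(uri):
    """Pull the shared secret and parameters out of an otpauth:// URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP setup URI")
    q = parse_qs(u.query)
    key = q["secret"][0].replace(" ", "").upper()
    key += "=" * (-len(key) % 8)  # setup keys are usually shown unpadded
    return {"secret": base64.b32decode(key),
            "digits": int(q.get("digits", ["6"])[0]),
            "period": int(q.get("period", ["30"])[0])}

def code_for_step(secret, counter, digits=6):
    """HMAC the time-step counter and truncate it to a decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret, at, digits=6, period=30):
    """Code shown by the app at Unix time `at`."""
    return code_for_step(secret, int(at) // period, digits)

def verify(secret, code, at, window=1, digits=6, period=30):
    """Accept the current step plus `window` neighbours (assumed drift policy)."""
    now = int(at) // period
    ok = False
    for counter in range(max(0, now - window), now + window + 1):
        expected = code_for_step(secret, counter, digits)
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok

if __name__ == "__main__":
    cfg = parse_setup_uri(SAMPLE_URI)
    print(totp(cfg["secret"], 59))             # code for the step containing t=59
    print(verify(cfg["secret"], "287082", 89))   # next step, inside the window
    print(verify(cfg["secret"], "287082", 119))  # two steps later, rejected
```

Anyone who holds the setup key can compute the same codes, which is why the key and QR code should be treated like a password.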
Recovery Codes
Immediately after enabling 2FA, KPanel will display a set of single-use recovery codes.
Save your recovery codes now, before closing this screen. If you lose access to your authenticator app (lost phone, new phone, deleted app), recovery codes are the only way to get back into your account. Store them somewhere safe and offline: printed and locked away, or in a secure password manager.
Each recovery code can only be used once. After using one, it is invalidated. If you use most of your codes or lose them, regenerate a new set from KPanel > Security > Two-Factor Authentication > Regenerate Recovery Codes while you are still logged in.
Logging In with 2FA
After entering your password on the login page, you will be asked for your 2FA code. Open your authenticator app, find the Kapsule Cloud entry, and enter the 6-digit code shown. Codes expire every 30 seconds, so enter the code promptly.
What to Do If You Lose Access to Your 2FA Device
- Use a recovery code to log in. On the 2FA prompt page, look for the Use a recovery code link.
- Once logged in, go to Account Settings > Security and disable 2FA.
- Set up 2FA again with your new device.
If you have lost both your authenticator device and your recovery codes, contact support at support@kapsulecloud.com. Identity verification will be required before access is restored.
Session Management
Each time you log in, a session is created. If you log in from multiple devices or browsers, multiple sessions may be active simultaneously.
To view and end active sessions:
- Go to KPanel > Account Settings > Security.
- Find the Active Sessions section.
- Review the list of sessions (each shows the device, browser, and approximate location).
- Click Sign out next to any session you do not recognise.
- To end all sessions at once, click Sign out everywhere.
If you have been using a public computer or shared device, use Sign out everywhere immediately after returning to your own device.
If Your Account Is Compromised
If you believe someone has accessed your account without your permission:
- Change your password immediately. Go to Account Settings and set a new, unique password.
- Log out of all sessions with Sign out everywhere (see Session Management above) to immediately invalidate any active attacker sessions.
- Check recent activity in KPanel for any changes you did not make (new sites created, DNS changes, billing changes).
- Contact support at support@kapsulecloud.com or reply to any recent order/change confirmation email. Describe what you found and when you noticed it.
- Enable 2FA if it was not already active.
- Check your email account for signs of compromise, as email access is often used to intercept password reset links.
The support team can review server-side access logs and help identify the scope of any unauthorised activity.
