{"id":52314,"date":"2025-09-30T03:19:32","date_gmt":"2025-09-30T00:19:32","guid":{"rendered":"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/"},"modified":"2025-09-30T03:19:33","modified_gmt":"2025-09-30T00:19:33","slug":"common-mfa-issues-in-hosting-and-fixes","status":"publish","type":"post","link":"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/","title":{"rendered":"Common Mfa Issues in Hosting and Fixes"},"content":{"rendered":"<p><\/p>\n<p>Multi-factor authentication (MFA) protects <a href=\"https:\/\/www.infinitivehost.com\/blog\/top-open-source-web-hosting-panels\/\" target=\"_blank\" rel=\"noopener\">hosting control panels<\/a>, <a href=\"https:\/\/www.a2hosting.com\/kb\/getting-started-guide\/accessing-your-account\/using-ssh-secure-shell\/\" target=\"_blank\" rel=\"noopener\">ssh<\/a> access, APIs and user accounts, but it also introduces specific failure modes that can interrupt deployments, break automation and lock administrators out at the worst possible time. The issues below come up again and again in <a href=\"https:\/\/hostadvice.com\/\" target=\"_blank\" rel=\"noopener\">hosting<\/a> environments: time-based tokens that drift, push notifications that never arrive, SMS and email OTPs blocked by carriers or spam filters, lost devices, and service accounts that can\u2019t authenticate. Each problem has practical fixes and design choices that reduce operational risk while keeping security strong.<\/p>\n<p><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Why_MFA_fails_in_hosting_environments\" >Why MFA fails in hosting environments<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Common_problems_and_fixes\" >Common problems and fixes<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Time_synchronization_and_TOTP_tokens\" >Time synchronization and TOTP tokens<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Push_notifications_fail_to_reach_users\" >Push notifications fail to reach users<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#SMS_and_email_OTP_deliverability_problems\" >SMS and email OTP deliverability problems<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Lost_devices_stolen_phones_and_backup_codes\" >Lost devices, stolen phones and backup codes<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Service_accounts_automation_and_CICD_pipelines\" >Service accounts, automation and CI\/CD pipelines<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Browser_cookie_and_session_issues\" >Browser, cookie and session issues<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#SSO_and_identity_provider_integration_problems\" >SSO and identity provider integration problems<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Operational_best_practices_to_reduce_MFA-related_outages\" >Operational best practices to reduce MFA-related outages<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Quick_checklist_for_admins\" >Quick checklist for admins<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Summary\" >Summary<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#FAQs\" >FAQs<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#How_can_I_avoid_being_locked_out_if_I_lose_my_phone\" >How can I avoid being locked out if I lose my phone?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#Is_SMS_still_acceptable_as_a_second_factor_for_hosting_platforms\" >Is SMS still acceptable as a second factor for hosting platforms?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#How_do_I_secure_automated_deployments_that_cant_handle_interactive_MFA\" >How do I secure automated deployments that can\u2019t handle interactive MFA?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/infinitydomainhosting.com\/kb\/common-mfa-issues-in-hosting-and-fixes\/#What_should_I_do_if_many_users_report_%E2%80%9Cinvalid_code%E2%80%9D_errors\" >What should I do if many users report \u201cinvalid code\u201d errors?<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Why_MFA_fails_in_hosting_environments\"><\/span>Why MFA fails in <a href=\"https:\/\/hostadvice.com\/\" target=\"_blank\" rel=\"noopener\">hosting<\/a> environments<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p><a href=\"https:\/\/hostadvice.com\/\" target=\"_blank\" rel=\"noopener\">hosting<\/a> platforms mix human admins, automated systems and third-party integrations: that complexity creates fragile authentication paths. Time-based one-time passwords (TOTP) are sensitive to clock skew between client devices and authentication servers. Push-based authentication depends on mobile push services and networks, which can be restricted by corporate firewalls or unreliable carriers. Email and SMS-based codes are vulnerable to deliverability issues and interception. Service accounts or CI pipelines often can\u2019t interact with interactive MFA workflows, and without well-planned fallback methods these accounts will fail and deployments will stall. Finally, poor administrative policies,single-person recovery, missing backup codes, or tight rate limits,turn routine authentication failures into full outages.<\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Common_problems_and_fixes\"><\/span>Common problems and fixes<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Time_synchronization_and_TOTP_tokens\"><\/span>Time synchronization and TOTP tokens<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>TOTP tokens (Google Authenticator, Authy, etc.) rely on synchronized clocks. Even small clock drift on <a href=\"https:\/\/hostadvice.com\/tools\/whois\/\" target=\"_blank\" rel=\"noopener\">the hosting<\/a> side or on <a href=\"https:\/\/infinitydomainhosting.com\/kb\/how-to-configure-2fa-step-by-step\/\">a<\/a> user&#8217;s device can make valid codes <a href=\"https:\/\/support.hostinger.com\/en\/articles\/6448761-website-builder-how-to-make-a-website-appear-on-google\" target=\"_blank\" rel=\"noopener\">appear<\/a> invalid. Fix this by ensuring all servers that validate TOTPs use reliable NTP\/chrony sources and monitor clock drift. On the auth service, allow a small validation window (for example, accept codes one interval before and after the expected time) rather than a single-slot check. For user guidance, include a quick troubleshooting guide showing how to resync common authenticator apps or check device time settings.<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Push_notifications_fail_to_reach_users\"><\/span>Push notifications fail to reach users<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>Push-based MFA (authenticate with a tap) is convenient but fragile: blocked ports, VPN split-tunnel settings, or disabled background data can prevent push delivery. First, document network requirements for push services and make those requirements visible in onboarding and admin docs. For enterprise customers, provide an alternate factor,TOTP or hardware tokens,so they are not dependent on push delivery. Monitor push success rates and set alerts for rising failure counts; if you see many failures from a customer, work with them to identify firewall rules or mobile device management (MDM) policies that block push traffic.<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"SMS_and_email_OTP_deliverability_problems\"><\/span>SMS and email OTP deliverability problems<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>SMS and email-based one-time passwords are often used as fallbacks, but they suffer from carrier delays, spam filtering, and international routing issues. Improve deliverability by using reputable SMS gateway providers, implementing carrier fallback strategies, and ensuring email messages come from verified <a href=\"https:\/\/www.hostinger.com\/domain-name-search\" target=\"_blank\" rel=\"noopener\">domains<\/a> with correct SPF, DKIM and DMARC records. Provide administrators with visibility into message status and delivery logs so they can troubleshoot quickly. When possible, avoid relying on SMS as a primary second factor,treat it as a last resort and educate users about SIM-swap risks.<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Lost_devices_stolen_phones_and_backup_codes\"><\/span>Lost devices, stolen phones and backup codes<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>Users lose phones, upgrade devices, or experience theft. If an account has no recovery path, the result is an admin lockout. Require and enforce secure storage of recovery codes at enrollment and offer an account recovery flow that requires multiple verification steps (email verification + identity checks) before disabling MFA. For high-privilege accounts, recommend registering a second hardware token or keeping a hardware token in secure organizational storage. Provide self-service token <a href=\"https:\/\/infinitydomainhosting.com\/index.php?rp=\/knowledgebase\/208\/How-to-migrate-your-website-to-a-new-hosting-provider.html\">migration<\/a> options that require the current factor plus another identifier to reduce helpdesk load.<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Service_accounts_automation_and_CICD_pipelines\"><\/span>Service accounts, automation and CI\/CD pipelines<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>Many hosts manage automated tasks,backups, deployments, monitoring,that can\u2019t respond to interactive MFA challenges. Treat service accounts differently: issue long-lived API keys or platform-scoped tokens for non-interactive systems, restrict those tokens with minimal privileges, and rotate them regularly. Where MFA is required for sensitive actions, consider delegated machine-to-machine authentication (OAuth client credentials, mutual <a href=\"https:\/\/www.hostinger.com\/tutorials\/what-is-tls\" target=\"_blank\" rel=\"noopener\">tls<\/a>) instead of forcing human-style MFA on automation. Document these approaches and log all uses of service credentials for auditability.<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Browser_cookie_and_session_issues\"><\/span>Browser, cookie and session issues<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>Modern web interfaces sometimes break MFA flows because of strict cookie or third-party tracker blocking, browser extensions, or old browser versions that don\u2019t support WebAuthn. Make sure <a href=\"https:\/\/hostadvice.com\/tools\/whois\/\" target=\"_blank\" rel=\"noopener\">the hosting<\/a> UI explains required browser features and expose a plain fallback page for cases where JavaScript or cookies are blocked. For WebAuthn\/FIDO2 hardware keys, keep implementations up to date and provide a TOTP fallback if a specific browser has known compatibility issues.<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"SSO_and_identity_provider_integration_problems\"><\/span>SSO and identity provider integration problems<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>Hosting providers frequently integrate with corporate SSO. Misconfiguration of SAML or OIDC assertions can bypass MFA or prevent it from triggering. When using third-party IdPs, decide whether MFA is enforced by the IdP or the hosting app and document that clearly. Test the end-to-end flow in staging whenever IdP policies change. Implement clear error messages that indicate if a SAML\/OIDC assertion failed or if the IdP rejected the session, and give admins a path to troubleshoot with both the IdP and the hosting provider.<\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Operational_best_practices_to_reduce_MFA-related_outages\"><\/span>Operational best practices to reduce MFA-related outages<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>Planning and documentation make a huge difference. Require multi-admin recovery plans and store emergency recovery methods in a secure vault that multiple trusted people can access. Offer and require backup codes, secondary hardware tokens, or alternative second factors during onboarding. Monitor authentication errors and set alert thresholds for abnormal spikes. Provide a self-service MFA reset that includes identity verification steps and an audit trail, and use role-based access controls to limit who can perform resets. Finally, test your recovery processes periodically,what isn\u2019t tested in staging will fail in production.<\/p>\n<p><!--KB_CAT_BLOCK--><\/p>\n<figure class=\"kb-cat-placeholder\" style=\"margin:1.75rem 0;display:block;\">\n<div class=\"kb-cat-wrap\" style=\"position:relative; overflow:hidden; border-radius:12px; box-shadow:0 10px 36px rgba(0,0,0,0.14);\"><img src=\"https:\/\/infinitydomainhosting.com\/kb\/assets\/img\/cat-default.webp\" alt=\"Common Mfa Issues in Hosting and Fixes\" loading=\"lazy\" decoding=\"async\" style=\"max-width:100%;height:auto;display:block;border-radius:12px;box-shadow:0 8px 28px rgba(0,0,0,0.12);\" \/><\/p>\n<div class=\"kb-cat-gradient\" style=\"position:absolute; inset:0; background:linear-gradient(180deg, rgba(9,23,60,0.66) 0%, rgba(11,30,70,0.45) 40%, rgba(11,30,70,0.15) 100%);\"><\/div>\n<div class=\"kb-cat-textbox\" style=\"position:absolute; inset:auto 5% 7% 5%; color:#fff; text-align:center; display:flex; flex-direction:column; gap:.4rem; align-items:center; justify-content:flex-end;\">\n<div class=\"kb-cat-title\" style=\"font-weight:800; font-size:clamp(20px,3.6vw,34px); line-height:1.2; letter-spacing:.2px; text-shadow:0 1px 2px rgba(0,0,0,.35);\">Common Mfa Issues in Hosting and Fixes<\/div>\n<div class=\"kb-cat-meta\" style=\"opacity:1; font-weight:600; font-size:clamp(13px,2.6vw,16px); line-height:1.45; text-shadow:0 1px 2px rgba(0,0,0,.28);\">Multi-factor authentication (MFA) protects hosting control panels, ssh access, APIs and user accounts, but it also introduces specific failure modes that can interrupt deployments, break automation and lock administrators out\u2026<\/div>\n<div class=\"kb-cat-desc\" style=\"opacity:1; font-weight:500; font-size:clamp(12px,2.4vw,15px); line-height:1.5; max-width:900px; text-wrap:balance; text-shadow:0 1px 2px rgba(0,0,0,.25);\">AI<\/div>\n<\/div>\n<\/div>\n<\/figure>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Quick_checklist_for_admins\"><\/span>Quick checklist for admins<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<ul><\/p>\n<li>Keep all servers synced to reliable NTP sources; monitor drift.<\/li>\n<p><\/p>\n<li>Provide at least two registered second factors per admin account.<\/li>\n<p><\/p>\n<li>Use hardware tokens for privileged accounts and store a spare securely.<\/li>\n<p><\/p>\n<li>Use scoped API tokens or machine credentials for automation, not interactive MFA.<\/li>\n<p><\/p>\n<li>Verify email domains with SPF\/DKIM\/DMARC; choose reputable SMS gateways.<\/li>\n<p><\/p>\n<li>Document and practice emergency recovery procedures quarterly.<\/li>\n<p>\n<\/ul>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<p>MFA strengthens hosting security but creates specific, solvable failure modes: clock drift, message delivery problems, lost devices, automation conflicts and integration misconfigurations. Address these issues by combining technical fixes,NTP, resilient SMS\/email delivery, fallback factors and scoped service tokens,with operational controls such as multi-admin recovery, backup codes, and regular testing. Thoughtful design and clear documentation keep hosting systems secure without turning MFA into an availability hazard.<\/p>\n<p><\/p>\n<h2><span class=\"ez-toc-section\" id=\"FAQs\"><\/span>FAQs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><\/p>\n<div><\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_can_I_avoid_being_locked_out_if_I_lose_my_phone\"><\/span>How can I avoid being locked out if I lose my phone?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p><a href=\"https:\/\/infinitydomainhosting.com\/register.php\">register<\/a> at least one backup factor during setup (an extra authenticator app, a hardware token, or printed recovery codes). For high-privilege accounts, keep a hardware token in a secure organizational safe. Implement a verified self-service recovery flow for non-privileged users and a multi-person emergency process for admins.<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Is_SMS_still_acceptable_as_a_second_factor_for_hosting_platforms\"><\/span>Is SMS still acceptable as a second factor for hosting platforms?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>SMS can be used as a fallback but shouldn\u2019t be the primary factor for sensitive operations because of carrier delays and SIM-swap risks. Prefer TOTP, push-based MFA, or FIDO2 hardware keys for primary protection and use SMS only as a secondary fallback with appropriate monitoring.<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_do_I_secure_automated_deployments_that_cant_handle_interactive_MFA\"><\/span>How do I secure automated deployments that can\u2019t handle interactive MFA? <span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>Use machine-friendly authentication methods: scoped API tokens, OAuth client credentials, or mTLS. Keep these credentials minimal in privilege, rotate them frequently, and log their usage. Avoid putting interactive MFA on automation paths; instead, protect administrative actions that change deployment or credential issuance.<\/p>\n<p><\/p>\n<h3><span class=\"ez-toc-section\" id=\"What_should_I_do_if_many_users_report_%E2%80%9Cinvalid_code%E2%80%9D_errors\"><\/span>What should I do if many users report \u201cinvalid code\u201d errors? <span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><\/p>\n<p>Check server clock synchronization and monitor drift. Confirm your token validation window allows a small number of adjacent intervals. If drift isn\u2019t the issue, review recent changes to the auth server, client apps, or any load balancers that might affect requests, and surface clear troubleshooting steps to users (resync app, check device time).<\/p>\n<p>\n<\/div>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multi-factor authentication (MFA) protects hosting control panels, ssh access, APIs and user accounts, but it also introduces specific failure modes that can&hellip;<\/p>\n","protected":false},"author":1,"featured_media":52315,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[8,9405,86,4593,9,1,4594,3,5,10,4,11,7,88,2],"tags":[12991,13092,13019,13022,379,13091,811,10630,677,10485,12620,13020,11184,11183,13093,579,1094,719,12383,1826,262],"class_list":["post-52314","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-website-security","category-ai","category-computer-security","category-databases","category-domains","category-general","category-networking","category-php-scripts","category-seo","category-servers","category-ssl-certificates","category-support","category-web-design","category-web-hosting","category-wordpress","tag-2fa","tag-access-management","tag-authentication-issues","tag-backup-codes","tag-cloud-hosting","tag-common-mfa-issues-in-hosting-and-fixes","tag-configuration","tag-fixes","tag-hosting","tag-hosting-providers","tag-identity-management","tag-login-problems","tag-mfa","tag-multi-factor-authentication","tag-otp","tag-security","tag-server-hosting","tag-setup","tag-token-based-authentication","tag-troubleshooting","tag-web-hosting"],"_links":{"self":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts\/52314","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/comments?post=52314"}],"version-history":[{"count":1,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts\/52314\/revisions"}],"predecessor-version":[{"id":52316,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/posts\/52314\/revisions\/52316"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/media\/52315"}],"wp:attachment":[{"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/media?parent=52314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/categories?post=52314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infinitydomainhosting.com\/kb\/wp-json\/wp\/v2\/tags?post=52314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}