TOTP provides additional security because even if a traditional password is stolen or compromised, with a TOTP, the authentication app generates a new six-digit one-time security code (OTP) every 30 seconds to prevent your account from unauthorized access.

To configure Two-Factor Authentication (2FA), you should link your Namecheap account and the authentication app on your mobile device.

For the Namecheap TOTP 2FA method, you are able to use any of the TOTP-based applications, e.g., Google Authenticator, Authy, LastPass Authenticator, etc. It is also possible to connect as many different devices as you’d like to your Namecheap account and use any of them to verify your second step.

To start using the TOTP 2FA method in your Namecheap account, go to Profile >> Security >> Access >> Two-Factor Authentication page and click Enable:

Enter your Namecheap password and confirm the change by clicking Continue:

PLEASE NOTE: If you already have another 2FA method enabled, the pop-up window with a request to confirm the authentication method change will appear:

On the next page, you will receive the set of TOTP backup codes that can help you to recover access to your Namecheap account if you lose your device/s or cannot get codes via the authentication app. You need to either print or copy the backup codes somewhere. Once you have done this, click Next:

A few things to keep in mind:

On the next page, scan the QR code with the authentication app on your device:

If, for some reason, you cannot scan the QR code, click "enter this text code" to see a code that you can enter manually:

In your app (e.g. Google Authenticator, in this case), enter the code received in your Namecheap account:

PLEASE NOTE: To configure authentication via TOTP on multiple devices, scan the QR code separately on each device during the setup process. If multiple devices are connected, you will get the same OTP code on all devices when logging in.

After scanning the QR code or manually entering the text code, the app will display the six-digit OTP code you need to enter in your Namecheap account to finish the setup:

Once all your devices are configured, click Next and you will be redirected back to the Two-Factor Authentication page to see that TOTP is now set up as a 2FA method for your Namecheap account:  

After the QR code regeneration, your old QR code will no longer work. You will also be logged out from your Namecheap account on all devices, and you will need to reconfigure them as well.

In the Backup Codes section, you can check the available and used backup codes by clicking the Show Backup Codes button. You will need to confirm this action by entering your password associated with your Namecheap account:

If you somehow misplaced your backup codes, whether they were lost, stolen or ran out, you can retrieve them on your settings page: Profile >> Security >> Access >> Two-Factor Authentication. In the Backup Codes section, click on the drop-down and choose Regenerate Backup Codes:

When the following window appears, please confirm your action by clicking Regenerate:

After your Namecheap password is confirmed, you will receive a new set of backup codes that will invalidate the previous ones. Make sure to save your new backup codes in a safe place or print them out.

After your username and password are verified, you will be prompted to enter the six-digit OTP code from your app to authorize the login:

You should enter the newly-generated code as soon as possible after it appears in the app:

Each OTP code is intended for use by only one user; it is valid for 30 seconds and becomes invalid after successfully logging in.

PLEASE NOTE: Your Namecheap account might become locked after a number of incorrect login attempts.

If you have any questions, feel free to contact our 24/7 Customer Support Team.