Two Factor Authentication in WHMCS

By on October 24th, 2018

Two Factor Authentication in WHMCS

Two-factor authentication, which is also known as 2FA, provides an additional layer of security by adding a second step to your login and it makes harder for attackers to gain access to a person’s devices and online accounts, even if an attacker has your password. Because knowing the person’s password alone is not enough to pass the authentication check.  It takes something you know (ie. your password) and adds a second factor, typically something you own such as devices like phone and online accounts etc is needed to pass the authentication check. One of the most common and simplest options in WHMCS is to use the time based one-time passwords. By choosing this option, you should also have to enter a 6-digit code that changes every 30 seconds in addition to your regular username & password. Only your token device (typically a mobile smartphone) will know your secret key and be able to generate valid one time passwords for your account. So your account is far safer. In this documentation, we have discussed about the Two Factor Authentication in WHMCS.

 

1) Login to your WHMCS account with username and password.

2) Navigate to the “Setup” tab.

Two factor authentication

 

3) From the drop-down list choose the option “Staff Management”.

Two factor authentication

 

4) The Staff Management option also lists some sub-options. From there, select the “Two-Factor Authentication” option.

Two factor authentication

 

5) There are many different options available for this Two Factor Authentication, and the WHMCS also support more than one options.  Some of them are Duo Security, Time Based One-Time Passwords, Yubico. Here, we can see some options of WHMCS in the page.

Two factor authentication

 

Click the “Activate” button next to the type of two-factor authentication you wish to use. The Duo Security and TOTP options both require a subscription before they can be configured. So you would need to Subscribe the options. You can see a “Subscribe To Activate” button for this. By choosing this option will take you to the relevant signup page. Once the purchase has been completed, you can return to the Two-Factor Authentication page to continue the configuration process. Some options are common to all auth methods are:

Enable for Clients

Enable for Staff

6) On the left-hand side of the Two-Factor Authentication page are two Force Settings. Marking these options will require clients and/or staff to configure two-factor authentication upon next login, they will be presented with a prompt showing them the two-factor authentication instructions and will not be able to proceed until registration is complete.

Two factor authentication

 

7) Click on “Save Changes” option to save the changes.

 

If you need any further assistance please contact our support department.

 

 

Leave a Reply