Two-Factor Authentication

• October 18, 2017
• Alert

We have enabled Two-Factor Authentication on WHMCS to protect your accounts, domain names, and websites.

If you do NOT have a tablet or cell phone, please contact me.
If you need help getting it set up, please call me or email me.
256-520-7327 cell, rdcss@rdcss.com

You can also turn on this feature in cPanel: under the Security tab – choose two-factor Authentication.

For billing and domain management (in the WHMCS interface) it will automatically require two-factor Authentication.

For your security, to protect your account information and your domains/websites, we have enabled this feature.
It will work with any OATH (Open AuTHorization) software such as Google Authentication for Android, or Apple’s OATH Token App.

I have had customers with Quickbooks online, and a two-factor authentication was the only way they could keep the hackers out.

For Android users –
You can use Google Authenticator from the app store.
Run the app.
If it is your first time, click Add Account; otherwise, click on the red circle with the plus to add an account.
Choose scan a barcode.
It will display a big square bar code (QR code) on your screen. Line up the box (on your phone or tablet) with the code on the screen.
Now, when you log in to your account, use the randomly generated code (on your phone or tablet in the Google Authenticator) to verify your identity.

Here is what WHMCS put on their page about this feature:

Time Based Tokens

WHMCS™ Time Based Tokens work with any OATH software such as Google Authentication for Android, or Apple™s OATH Token App for example.
Once activated, users will be required to provide a second form of Authentication that only they have access to. This Authentication comes
in the form of a 6 digit passcode that expires every 30 seconds.
How does it work?

Upon initial signing once Token Based Two Factor Authentication is actived, users will be presented with a QR code to scan using their smartphone or tablet device.
Once this is scanned, their device will then store authorization to generate a pass code and authentication to your WHMCS installation.
Every 30 seconds, a new 6 digit code will be generated through their OATH application of choice which will be used as their second form
of Authentication during login to your WHMCS.
Why do I need this?

Many individuals tend to use the same password for all of their login points. In the event that a malicious users gains access to one
login of you or your staff, they could potentially gain access to all other login-required sites – Like your WHMCS.

Two-Factor Authentication puts a stop to that by requiring users who succesfully login in with a user & password combintation to use
a physical device they posses for futher verification.

Thank you for taking the time to read this.
Robert Harvey
256-520-73327 cell
www.rdcsshosting.com