Back to Blog Posts

Announcing Time-Based Tokens are becoming free

By Matt / August 30th, 2019

With the release of WHMCS 7.8, we are pleased to announce the discontinuation of the monthly fee for use of Time-Based Tokens Two-Factor Authentication.

We first released support for Time-Based Tokens all the way back in March 2013 and since that time, the feature has only been accessible to those who pay an additional monthly fee for it. This was one of our first attempts at introducing functionality that was unlocked by purchasing access, and while successful, we believe that security features are a fundamental part of our product, and something that should be available to everyone.

That's why as of today, we are pleased to announce that Time-Based Token Two-Factor Authentication is now becoming free for everyone to use.

Two-Factor Authentication with Duo Security is already free for up to 10 users, and Yubikey Two-Factor Auth via a physical hardware device remains supported also.

What's new in WHMCS 7.8?
Alongside the discontinuation of fees for Time-Based Tokens in WHMCS 7.8, we've made a number of usability and functionality improvements to the Two-Factor Authentication functionality in WHMCS.

Improved setup and activation experience
A new more informative and easy to understand process has been provided for users activating Time-Based Token Two-Factor Auth for the first time. We'll guide users through the process, informing them of apps they can use and providing more helpful feedback in case of errors.

Modernised admin area setup experience
We've given the admin area setup experience a fresh new look that brings the latest look and feel as well as usability improvements to the process of setting up and configuring your Two-Factor Authentication settings. Remember this is also where you can enable the options to force your customers or administrative users to enable Two-Factor Authentication the next time they login.

Activated by default for new installations
For new installations performed with WHMCS 7.8 or later, Two-Factor Authentication via Time-Based Tokens will be activated and available by default, allowing both clients and admins who wish to take advantage of this extra security feature to do so without any additional configuration being required.

We recommend upgrading to WHMCS 7.8 to get the benefit of all these latest updates and improvements.

How do I get access to Time-Based Tokens?
As soon as you upgrade to WHMCS 7.8, Time-Based Tokens will become immediately available to activate and use via the Setup > Staff Management > Two-Factor Authentication page.

For users of WHMCS 7.0 and later, the next time your installation performs a license check, you too will be able to activate and start using Time-Based Tokens Two-Factor Authentication. Users of older versions must upgrade in order to access the Time-Based Tokens functionality.

As of Wednesday August 28th, all Time-Based Token services have been cancelled, along with any outstanding renewal invoices you may have had. For users who pay annually, you will already have automatically received a credit for any unused time remaining on your subscription. Users who pay monthly will not receive a credit.

In all cases, if you have an active PayPal Subscription you should cancel this to avoid any further payments being made.

If you have any further questions not answered here, you can contact our Customer Service team who will be more than happy to help.

Learn more about WHMCS 7.8
WHMCS 7.8 is now available under General Release and is the recommended version for all new installations and upgrades. To find out more about what's new in WHMCS 7.8, visit

If you have any questions, we invite you to ask them in the comments below.

Liked this article? Share it