It's easier than you think for your online accounts to be compromised.
From using the same password on more than one site, to downloading compromised software from the Internet, to clicking on links in email messages, account breaches can happen to anyone.
Two-Factor Authentication can help keep bad guys out, even if they discover your password. And that's why I recommend everyone who reads this article enables Two-Factor Authentication not just for WHMCS, but for every online service they use.
How it works
What is Two-Factor Authentication? Two-factor authentication provides an extra layer of security for your online accounts. After Two-Factor Authentication is enabled, Instead of only entering a password to log in, you'll also enter a code or use a security key. This additional step helps make sure that you, and only you, can access your account because logging in now requires something you know, and something you have (like your phone).
With Two-Factor Authentication enabled, whenever you sign in to WHMCS, you will be prompted to provide a second authentication credential. The most common form of second factor authentication is a 6 digit code that changes every 30 seconds, known as a Time-Based Token, which can be generated by many free apps such as Google Authenticator and Microsoft Authenticator using nothing more than your existing mobile device.
Enabling Two-Factor Authentication with WHMCS
We recommend using Time-Based Tokens for Two-Factor Authentication with WHMCS. To enable it as an admin user, log in to your WHMCS admin area and navigate to the My Account page. From there, locate the Two-Factor Authentication option and slide the toggle to enable.
A short wizard based process will guide you through the process of configuring Two-Factor Authentication with your chosen Two-Factor solution. In most cases, it's as simple as scanning the provided QR code with your chosen code generating app. Don't have an app yet? The following are two popular solutions:
- Google Authenticator - Google Play Store | Apple App Store
- Microsoft Authenticator - Google Play Store | Apple App Store
The final step of the setup process will give you a backup code. Backups help you get back into your account if you lose your phone or can't sign in for another reason. You should store your backup code in a safe place, offline.
For clients and end users, the process is the same. To begin, a client needs to login and then navigate to Account > Security Settings and follow the steps to activate and enable Two-Factor Authentication.
Not seeing the Two-Factor Authentication options? If as a client of a hosting company using WHMCS you do not see the option for Two-Factor Authentication, you may need to contact your web host and ask them to enable it.
Once setup, every time you log in, you will be prompted for your second factor:
Enabling Two-Factor Authentication is fast, easy and free, so don't wait any longer before securing your online accounts. Thanks for reading!
