Disable security quiestions

[pdn]

I tried out security question and now I want to disable it. My test account was the only account with a security question and all other accounts have been made from inside the admin panel, with no security question added.

I have now deleted all security question under the Setup tab but the menu is still showing in the client area under "My Details" / "Change Security Question"

 

Can someone tell me how I get rid of that? (the dropdown list of questions is emty)

[easyhosting]

I tried out security question and now I want to disable it. My test account was the only account with a security question and all other accounts have been made from inside the admin panel, with no security question added.

I have now deleted all security question under the Setup tab but the menu is still showing in the client area under "My Details" / "Change Security Question"

 

Can someone tell me how I get rid of that? (the dropdown list of questions is emty)

 

Do you know the purpose of a security question?

 

if a client registers with you and somehow forgets their login details, WHMCS has a password remind service that will ask the clients for an answer to their secrity question before a new password id issued.

 

if this was disabled then anyone could say to you can i have my login detail as i have lost these. how are you to know that it is the account holder asking for these details.

[pdn]

I see what you meen but I think that´s the problem with companies using security questions. Regardless, you should never give out login details over phone. They still have "Request a Password Reset" feature. I know you will say what if they don´t have access to that email account? Well, you can still send reseting info by SMS since they register that in the system. My TOS also saying they should at any time have a valid email address in the system.

 

Any idea how I remove this in the client area?

[easyhosting]

I see what you meen but I think that´s the problem with companies using security questions. Regardless, you should never give out login details over phone. They still have "Request a Password Reset" feature. I know you will say what if they don´t have access to that email account? Well, you can still send reseting info by SMS since they register that in the system. My TOS also saying they should at any time have a valid email address in the system.

 

Any idea how I remove this in the client area?

 

the information is not sent over the phone, when a client clicks "Request a Password Reset" the details are sent to the clients registered email address. you will find that major companies use this feature, which is a way to make sure the person requesting the login details is the account holder and not an imposter.

[pdn]

Thats correct. If someone don´t have access to their registered email I can send the new information to the registered phone. manually ofc.

 

I´m not arguing against security questions. It´s just that I have my way that I think is safer booth for me and my clients. I know a lot of major companies use security questions but let´s face it, it´s not that hard to figure some of these answers out. And often they let you answer the question and then directly type a new password. They really should send the customer a mail with a "password reset link" (some does, some doesn´t)

[easyhosting]

Thats correct. If someone don´t have access to their registered email I can send the new information to the registered phone. manually ofc.

 

I´m not arguing against security questions. It´s just that I have my way that I think is safer booth for me and my clients. I know a lot of major companies use security questions but let´s face it, it´s not that hard to figure some of these answers out. And often they let you answer the question and then directly type a new password. They really should send the customer a mail with a "password reset link" (some does, some doesn´t)

 

security is paramount and their is no way i would give login details over the phone, it is up to cleints to make sure that they have an active email addres on their account, if they do not then this is not my problem and the details will not be given anyother way.

 

WHMCS do sent a password reset link when the "Request a Password Reset" feature is used

[pdn]

Thanks for the input but lets get back to my question. Do someone know how I can remove the "Change Security Question" in client area under "My Details"?

[sparky]

edit the templates to remove the links to it.

[pdn]

edit the templates to remove the links to it.

 

Do you know what template(s) to edit?

[HerrZ]

should be all templates with "clientareanavsecurityquestions" in it.

"clientareanavsecurityquestions" is the key of the languagearray (with the value "Change Security Question") in folder "lang/"

[pdn]

should be all templates with "clientareanavsecurityquestions" in it.

"clientareanavsecurityquestions" is the key of the languagearray (with the value "Change Security Question") in folder "lang/"

 

Thank you HerrZ!

[pdn]

When I removed the "clientareanavsecurityquestions" from English.txt in "/lang" my client area get blank. Is there any other way to remove the text "Change Security Question" in client area under "My Details"?

[sparky]

remove the link from the tpl files

 

clientareadetails.tpl

clientareachangepw.tpl

clientareachangesq.tpl

clientareacontacts.tpl

clientareacreditcard.tpl

[pdn]

That solved it! Thank you:)