Jump to content

Why do OAUTH and Google Authenticator require a monthly fee?


Dr. McKay

Recommended Posts

We already pay either a monthly fee or a one-time fee + yearly support/updates fee for the use of the WHMCS software.

 

I upgraded to the lastest version of WHMCS today (5.2.1) and was pleasantly surprised to discover that two-factor authentication had been added. I clicked over to the page in in the admin control panel and then found out that it costs $1.50 monthly to enable OAUTH and Google Authenticator support.

 

Why is this the case? Would it not be better to offer a feature that provides additional security at no cost to all customers for free?

Link to comment
Share on other sites

Hello,

 

This is an optional service, much like the Project Manager, License Manager, or other alternative third party addons. Alternatively, a Yubikey (which I use for everything) can also be integrated using WHMCS which is a one time $25 fee through Yubico for the Yubikey stick.

Link to comment
Share on other sites

I agree with the OP. I was appalled to find out that WHMCS is even more greedy and wants a monthly fee for two factor authentication. Given the security breaches this company had, they should be promoting this and including it in their product. Every other product out there that has two factor authentication provides it for free since it is enhancing their own product. It makes me sick to my stomach that this company wants to nickle and dime the customers that support it.

 

When other companies have security breaches, they've offered free credit monitoring and a range of other solutions to their customers. Not one thing came from WHMCS and now they want $1.50 a month for something that in the end, will provide security for all users of this software.

Link to comment
Share on other sites

Hello,

 

This is an optional service, much like the Project Manager, License Manager, or other alternative third party addons. Alternatively, a Yubikey (which I use for everything) can also be integrated using WHMCS which is a one time $25 fee through Yubico for the Yubikey stick.

 

This is different. This is not an addon, this is part of the software. This is intentionally crippling security features in the software and forcing paying customers to pay extra in order to offer their users additional security features.

 

Charging a fee for SMS codes is completely understandable and justified. SMS messages are not free to send. Google Authenticator/OAUTH, however, takes no more than a few hours to integrate into most solutions and is open-source.

Edited by Dr. McKay
Link to comment
Share on other sites

I'd have to agree with the other comments here, that's a pretty shady move.

 

One of the major highlights of this release is the introduction of Two-Factor Authentication. Both yours and your clients' security is of the utmost importance to us

 

Our security is of the utmost importance to you, just not quite as important as making money off an open source service?

Edited by LDHosting
Link to comment
Share on other sites

In part i agree, IF and thats the only cause for me to agree, they have done some intensive re-factoring of the source code and made it function better than the original then yes charge for it, but if this is simply a case of, lets take some free code and charge for its usage, then remove it from the code and we can all stick to the free source code thanks.

 

 

Further more, whats with this upgrades fees, if your going to keep on charging me for upgrades what was the point in having me pay for an owned license. The point in me buying it was to have no more outlay for the product. If i wanted to keep paying for the software time and time and again i would have just gone with the monthly licensing and not had an upgrade fee to pay!

 

 

Just ran some calculations and actually the deal may not be so bad after all.

 

on an unbranded owned license with annual upgrade fees it would take about 30 years to match the cost of monthly for 10 years. I guess that in itself is reason enough to buy an owned license

Edited by disgruntled
Link to comment
Share on other sites

I don't know, to me it just seems wrong to charge a premium for security features that have been promised for since the breach last year, especially when the security feature is an open source service that would have taken a couple of hours to integrate. To me, this clearly shows that WHMCS is more interested in lining their pockets than they are in customer security.

 

I could understand it slightly easier if it was a 1.50 one off charge to help cover coding costs (they would still profit doing this, just not huge recurring profits), or if it was costing WHMCS for SMS charges or something. This just feels a little like being held to ransom "Want us to make your billing system more secure? Pay us!". Would you charge a premium for encrypting passwords in the database and leave them in plaintext for those that won't pay?

 

Just my opinion, no doubt others will have their own.

Link to comment
Share on other sites

Seriously?! An open source solution with open protocols and an open client and they want to charge for it?!

 

/boggle

 

I agree with you on this. I find it sickening that they encrypt their own software so that we can't fix things and contribute back, and then they take open source code and integrate it AND charge a monthly fee for it! I am speechless. I wish there was more competition, then they might not have done this. :(

Link to comment
Share on other sites

I find it sickening that they encrypt their own software so that we can't fix things and contribute back.

 

Encrypting the software introduces a number of benefits that I doubt you're seeing here. It helps keep malicious users from releasing trojan injected versions of the software out, and malicious users from exploiting the software - these are just to name a few. Ultimately, it's the right of any software provider to ship their product encrypted, or open sourced if they wish. You're welcome to use the API to expand WHMCS to fit your needs so editing core files shouldn't be necessary.

Link to comment
Share on other sites

Encrypting the software introduces a number of benefits that I doubt you're seeing here. It helps keep malicious users from releasing trojan injected versions of the software out, and malicious users from exploiting the software - these are just to name a few. Ultimately, it's the right of any software provider to ship their product encrypted, or open sourced if they wish. You're welcome to use the API to expand WHMCS to fit your needs so editing core files shouldn't be necessary.

 

@WHMCS Chris - do not quote me and edit the quote and take it out of context! Shame on you!

 

You quoted this:

 

"Originally Posted by ditto

I find it sickening that they encrypt their own software so that we can't fix things and contribute back."

 

Thats not correct! You removed it out of context AND replaced the comma with a period at the end! I am sich of this. This is what I wrote:

 

"I agree with you on this. I find it sickening that they encrypt their own software so that we can't fix things and contribute back, and then they take open source code and integrate it AND charge a monthly fee for it! I am speechless. I wish there was more competition, then they might not have done this."

Edited by ditto
Link to comment
Share on other sites

... But 2 Factor auth is infact something we've been looking at and working on for a few months now, and DuoSecurity is just one possible option that we're looking at adding support for, but there are 2 other completely free solutions we've implemented that I'm sure will be the most popular.

 

(Emphasis Added)

 

No comment needed, quote stands on its own.

Link to comment
Share on other sites

https://www.serverping.net/clients/cart.php?gid=3

Two Factor Auth, 15 bucks. Has more features and is not monthly, one time. I currently use it.

The also do a free trial of this, so anyone can try it out before purchasing, I will look at this once i upgrade to 5.2, but as i already have OAUTH and Google Authenticator i should not need it

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated