two-factor for contacts/sub-accounts

[BarrySDCA]

It seems WHCMS locked the front door but left the side doors open when they neglected to support 2FA for client sub accounts. Has anyone made a mod to support this yet?

 

thank you

[BarrySDCA]

looks like I will need to add this myself. 2FA is easy - but how can I direct users to an authentication script at login?

 

there is an action hook "ClientLogin" which I can call, and in that script determine if it's a contact/sub-account.

 

but...how do I generate a HTML GUI in the hook so that I can receive their 2FA code? any ideas?

[jclarke]

My two factor auth module does support two factor authentication for sub accounts. The code is also unencoded so you are free to modify it if needed.

 

https://www.whmcs.com/appstore/958/Two-Factor-Auth.html

[BarrySDCA]

thanks joe

[malfunction]

The 2FA mod from jclarke is highly recommended, we use it (with Duo Security) and have been very happy with its functionality and performance. Particularly comforting, with the endless stream of WHMCS hacks, is that bad guys are kept out of the admin even if they managed to recover the login credentials through SQL injection or whatever. Worked well for us on all versions 5.0 through the latest 5.2.12 and is very inexpensive.

 

Ignoring the obvious weakness that the OP raises, I absolutely refuse to pay WHMCS for their 2FA implementation. Their decision to charge clients for a much needed security measure is much like selling lifejackets to passengers on a sinking ship. It's not about the money, it's the greedy, uncaring attitude