Jump to content
Chad

Microsoft Authenticator

Recommended Posts

I don't see any possible option to use Microsoft Authenticator for my admin account's 2FA. Are DuoMobile and Yubikeys the only options?

Share this post


Link to post
Share on other sites

Built-in options, yes.   There may be third party modules that do this or you could do a custom one. 

Share this post


Link to post
Share on other sites
On 16/02/2019 at 19:22, Chad said:

I don't see any possible option to use Microsoft Authenticator for my admin account's 2FA. Are DuoMobile and Yubikeys the only options?

I think there are other options...

https://www.whmcs.com/two-factor/

Quote

Time Based Tokens

WHMCS’ Time Based Tokens work with any OATH software such as Google Authentication for Android, or Apple’s OATH Token App for example. Once activated, users will be required to provide a second form of Authentication that only they have access to. This Authentication comes in the form of a 6 digit passcode that expires every 30 seconds.

https://www.whmcs.com/members/knowledgebase.php?action=displayarticle&id=242

Quote

Our Two-Factor Authentication uses a system called 'Time Based Tokens'. There are many compatible apps you can find in your device's store. We suggest the following:

though as I think you have to pay WHMCS for using TBT, you might want to check with them first by opening a ticket.

there will be "Open A Ticket" buttons available via both links - just click on the appropriate link above...

Share this post


Link to post
Share on other sites

It's pathetic that we have to pay a fee to secure our billing software login with 2FA (our choice app instead of their method). Really shameless on WHMCS's part.

Share this post


Link to post
Share on other sites

We simply use Yubikey, that we bought direct. Not having to pay for access to something like Authy would have been preferred for us, but that will do. 

Share this post


Link to post
Share on other sites

Hi @Chad,

Yes you can use the Microsoft Authenticator app with the Time Based Tokens option.

I use it myself 🙂

Share this post


Link to post
Share on other sites
2 minutes ago, WHMCS John said:

Hi @Chad,

Yes you can use the Microsoft Authenticator app with the Time Based Tokens option.

I use it myself 🙂

Ok, but don't you think it's ridiculous WHMCS charges us a monthly fee to secure our billing software?

Share this post


Link to post
Share on other sites
1 hour ago, Chad said:

Ok, but don't you think it's ridiculous WHMCS charges us a monthly fee to secure our billing software?

If there was no other way to lock things down some, yes. As it is you can set up HTTP AUTH, or Yubikey, and/or IP restrictions (even "tunneling" through a VPN that's whitelisted) and more. Them charging fees for *some* methods might not be appreciated, but you're not held hostage to those methods. Can't fault them for it in this case. 

Share this post


Link to post
Share on other sites

I think @Chad was referring to 2FA in terms of securing WHMCS. The other items you mentioned are a bit different though could I guess add additional layers of security . 

Share this post


Link to post
Share on other sites

The ones I mention are also for helping secure WHMCS access, at least the admin area. 
We restrict via IP, as well as using Yubi as 2FA. If our IP changed frequently, we'd probably go with a VPN that's allowed to access and hit that to log in from. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated