Microsoft Authenticator

[Chad]

I don't see any possible option to use Microsoft Authenticator for my admin account's 2FA. Are DuoMobile and Yubikeys the only options?

[steven99]

Built-in options, yes.   There may be third party modules that do this or you could do a custom one. 

[brian!]

On 16/02/2019 at 19:22, Chad said:

I don't see any possible option to use Microsoft Authenticator for my admin account's 2FA. Are DuoMobile and Yubikeys the only options?

I think there are other options...

https://www.whmcs.com/two-factor/

Quote

Time Based Tokens

WHMCS’ Time Based Tokens work with any OATH software such as Google Authentication for Android, or Apple’s OATH Token App for example. Once activated, users will be required to provide a second form of Authentication that only they have access to. This Authentication comes in the form of a 6 digit passcode that expires every 30 seconds.

https://www.whmcs.com/members/knowledgebase.php?action=displayarticle&id=242

Quote

Our Two-Factor Authentication uses a system called 'Time Based Tokens'. There are many compatible apps you can find in your device's store. We suggest the following:

• iPhone/iPad: Google Authenticator
• Android: Google Authenticator
• Windows Phone: Microsoft Authenticator

though as I think you have to pay WHMCS for using TBT, you might want to check with them first by opening a ticket.

• if you get your license directly from WHMCS - https://www.whmcs.com/support/
• if you get your license from a reseller / host - https://www.whmcs.com/reseller-support/

there will be "Open A Ticket" buttons available via both links - just click on the appropriate link above...

[Chad]

It's pathetic that we have to pay a fee to secure our billing software login with 2FA (our choice app instead of their method). Really shameless on WHMCS's part.

[bear]

We simply use Yubikey, that we bought direct. Not having to pay for access to something like Authy would have been preferred for us, but that will do. 

[WHMCS John]

Hi @Chad,

Yes you can use the Microsoft Authenticator app with the Time Based Tokens option.

I use it myself 🙂

[Chad]

2 minutes ago, WHMCS John said:

Hi @Chad,

Yes you can use the Microsoft Authenticator app with the Time Based Tokens option.

I use it myself 🙂

Ok, but don't you think it's ridiculous WHMCS charges us a monthly fee to secure our billing software?

[bear]

1 hour ago, Chad said:

Ok, but don't you think it's ridiculous WHMCS charges us a monthly fee to secure our billing software?

If there was no other way to lock things down some, yes. As it is you can set up HTTP AUTH, or Yubikey, and/or IP restrictions (even "tunneling" through a VPN that's whitelisted) and more. Them charging fees for *some* methods might not be appreciated, but you're not held hostage to those methods. Can't fault them for it in this case. 

[steven99]

I think @Chad was referring to 2FA in terms of securing WHMCS. The other items you mentioned are a bit different though could I guess add additional layers of security . 

[bear]

The ones I mention are also for helping secure WHMCS access, at least the admin area. 
We restrict via IP, as well as using Yubi as 2FA. If our IP changed frequently, we'd probably go with a VPN that's allowed to access and hit that to log in from.