yggdrasil Posted February 15, 2021 Share Posted February 15, 2021 (edited) I think I already said this on another post but the current 2-FA implementation with WHMCS is not USABLE in a real world use. Everyone knows that 2FA has to be have some backup method which WHMCS does not have. Example, the official guide to use YubiKey is to purchase 2. This is the proper approach because if you lose one key, you are literally screwed...and locked out of everything. This is why every 2FA service I know lets you have more than one 2FA device. If you are using YubiKey you would add 2, or if you have just one, add that one and a time token Google authenticator as a second. How hard can it be for WHMCS to duplicate the existing feature to allow more than one 2FA device? I have used keys for years and I cannot enable this for admin because I would be locked out in case I get out of the office. Let me explain, the main key is hardware attached to the keyboard. The other one is on my key ring when I travel or on the road. If I enable 2FA on my WHMCS account it means I would be locked out on the go because WHMCS of course, only allows 1 single 2FA key or authentication. This is just horrible. WHMCS is the only thing I still cannot enable 2FA for my own use and I have noticed that most users/customers don't enable this either because there is no fail over method. The persons that did have it enabled eventually contacted me to disable it. Please, WHMCS why can't you just allow 2 FA methods per account or user? This is just bad implementation. I'm sure nobody at WHMCS uses this either, it seems it was added just to say they have it but its not usable like this for the staff or customers. Edited February 15, 2021 by yggdrasil 1 Quote Link to comment Share on other sites More sharing options...
bear Posted February 15, 2021 Share Posted February 15, 2021 Completely agree, though I had to stop using Yubi on WHMCS because it stopped working on my version when the implementation changed. I'd have needed to upgrade WHMCS. Using a different method currently and if that fails, I'd have to edit the database to change the setting, I imagine. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Support Manager WHMCS John Posted February 15, 2021 WHMCS Support Manager Share Posted February 15, 2021 Hi there, I'd suggest submitting a feature request if this is a feature you'd find helpful in future: https://requests.whmcs.com If a plurality of other users agree, we can potentially cconsider it. In the meantime WHMCS provides backup codes in the event of device loss. -1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.