Jump to content
yggdrasil

When do you think Yubikey will be support two devices?

Recommended Posts

I think I already said this on another post but the current 2-FA implementation with WHMCS is not USABLE in a real world use. Everyone knows that 2FA has to be have some backup method which WHMCS does not have. Example, the official guide to use YubiKey is to purchase 2. This is the proper approach because if you lose one key, you are literally screwed...and locked out of everything.

This is why every 2FA service I know lets you have more than one 2FA device. If you are using YubiKey you would add 2, or if you have just one, add that one and a time token Google authenticator as a second.

How hard can it be for WHMCS to duplicate the existing feature to allow more than one 2FA device? I have used keys for years and I cannot enable this for admin because I would be locked out in case I get out of the office. Let me explain, the main key is hardware attached to the keyboard. The other one is on my key ring when I travel or on the road.

If I enable 2FA on my WHMCS account it means I would be locked out on the go because WHMCS of course, only allows 1 single 2FA key or authentication. This is just horrible. WHMCS is the only thing I still cannot enable 2FA for my own use and I have noticed that most users/customers don't enable this either because there is no fail over method. The persons that did have it enabled eventually contacted me to disable it.

Please, WHMCS why can't you just allow 2 FA methods per account or user? This is just bad implementation. I'm sure nobody at WHMCS uses this either, it seems it was added just to say they have it but its not usable like this for the staff or customers.

Edited by yggdrasil

Share this post


Link to post
Share on other sites

Completely agree, though I had to stop using Yubi on WHMCS because it stopped working on my version when the implementation changed. I'd have needed to upgrade WHMCS. Using a different method currently and if that fails, I'd have to edit the database to change the setting, I imagine.

Share this post


Link to post
Share on other sites

Hi there,

I'd suggest submitting a feature request if this is a feature you'd find helpful in future: https://requests.whmcs.com

If a plurality of other users agree, we can potentially cconsider it.

In the meantime WHMCS provides backup codes in the event of device loss.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated