How to see a clients password

[zippohosting]

Well, I have my answer from Matt - the answer is no we can not see the passwords in v4.

 

It has become a customer service issue since 90% of our clients rely on us to do many of the tasks - and when we are logged in as admin it is not the same experience as logged in as a client.

 

I am glad the thread invoked some great debate and maybe WHMCS will introduce the feature again in future.

 

Thank you to all.

[Stream101]

We should NOT be able to see the passwords (especially low level employees). We SHOULD however, be able to have a button to login as the client for every panel, either by encoding the password into a URL or another method, but we NEED to be able to login as the client every once in a while.

[Lawrence]

We should NOT be able to see the passwords (especially low level employees). We SHOULD however, be able to have a button to login as the client for every panel, either by encoding the password into a URL or another method, but we NEED to be able to login as the client every once in a while.

 

That ability is already there. Just "login as client" and go to the product or service in mind, and click the login button for it.

[othellotech]

That ability is already there. Just "login as client" and go to the product or service in mind, and click the login button for it.

 

It doesnt provide the same "features" as *actually* logging in as the client - because it "knows" you're logged in as and admin.

[merlinpa1969]

IF you hit the login as client button on the client info page in admin

 

you can then hit the products link and hit the login button it WILL login you in as the client and NOT as admin.... we do this all the time

[keliix06]

Yes, I know. It's a PITA.

 

Like some others on here, most of my customers are known to me personally - I recognize their voices on the phone, I know them to see them - they've counted on me for years to be able to quickly and easily provide them all sorts of info, including forgotten passwords. They will email me files and ask me to upload them to their site - and I like being able to lookup user/pass so that I can do that. Often their MySQL passwords will be the same as their FTP/CPanel passwords, so again - I like being able to look it up and it's always helped me service my customers.

 

Fundamentally - I see no security advantage to having a full 'root' admin not being able to see all info, including passwords.

 

How does not being able to see the WHMCS password stop you from doing any of that? Control panel and other login info is not ecrypted. The ONLY thing you can't see is their password for WHMCS. And for that, if you want to provide the password that they've lost, you can either manually change it or enter their email address in the password reminder page.

[9DollarDomains]

It's an extra PITA, and fundamentally - I see no security risk in having a full 'root' admin being able to see all info, including all passwords.

[Lawrence]

IF you hit the login as client button on the client info page in admin

 

you can then hit the products link and hit the login button it WILL login you in as the client and NOT as admin.... we do this all the time

 

Exactly. Thank you

[Ninthcom]

After reading this post, I agree with 9DollarDomians! If you have full root admin access, your portal should be transparent or you should have a function to see the password just like you do to see a clients credit card information... Maybe that could be an option.

[Lawrence]

After reading this post, I agree with 9DollarDomians! If you have full root admin access, your portal should be transparent or you should have a function to see the password just like you do to see a clients credit card information... Maybe that could be an option.

 

Perhaps, but as previously stated, there is no good reason to need the client's password.

[MACscr]

Root cant see users passwords in linux and administrator cant see users passwords in windows. Why do you think it should be possible in whmcs then?

[scurrell]

Perhaps, but as previously stated, there is no good reason to need the client's password.

 

Root cant see users passwords in linux and administrator cant see users passwords in windows. Why do you think it should be possible in whmcs then?

 

It's not your decision to make though is it? This thread is for people who want an option to be able to see, or easily access the clients password.

 

If you're happy with the way things are, don't bother to post.

[Lawrence]

It's not your decision to make though is it? This thread is for people who want an option to be able to see, or easily access the clients password.

 

If you're happy with the way things are, don't bother to post.

 

Perhaps I shouldn't, but people should understand that this was done for security. If someone forgets their password or loses it, it is bad (security-wise) to re-issue the same one.

[edvan.com.br]

I prefer earlier!

 

Could use in email templates access to WHMCS client without the need to enter the email / password to view invoices or to access the control panel.

 

Eg: http://yourwhmcs.com/dologin.php?username=email_client@domain.com&password=**********&goto=viewinvoice&id=XX

[davet]

It would be very helpful if this was an option we can turn on and let us decide whether or not we want to be able to read the password.

[Frankc]

I originally posted this in a similar thread in the FEATURE REQUESTS forum but then saw that the thread was closed. Strange because MANY users requested this feature to come back.

 

Many of us have spent months and many many thousands on making WHMCS to be a core part of a number of disparate systems, with shared logins, cross system management/billing etc

 

So removing a core-part of the system that has been built on and relied on is a major backwards step ...

 

Actually it's really funny that WHMCS and some users protect and defend the PETTY CASH passwords which is WHMCS client area passwords like Fort Knox but leave the REAL GOLD such as the hosting account information totally unprotected.

 

Can any of the clever posters please explain to me how a client that travel without access to email can access his account to view invoices, pay invoices or order something etc if he/she forget his/her password?

 

We as administrators is there to provide a SERVICE to our clients and if they ask for their passwords and we KNOW these clients or they can identify themselves positively it's rather funny to tell them we can give them their HOUSE keys but unfortunatelly not their post box keys (for reading or paying invoices etc) since it's a security risk.

[Matt]

See http://forum.whmcs.com/showthread.php?p=113240#post113240

 

Matt

[mojowill]

Yay! Passwords are coming back!

[HostOrca]

Even better news, it's coming back as an option!

 

I agree with what Matt posted in the thread, there is absolutely no reason to have the password in plain text. There are actionhooks that can be setup to update passwords in other apps etc., storing passwords in plain text, that there is a good chance that the user uses for other sites/accounts, is just asking for trouble.

 

And before anyone says because I do not want this feature, that I shouldn't comment, this is a forum, and I, like you, have the right to express my views.

[redrat]

It seems the issue is now resolved anyway. Some very valid points have been made about the security considerations though.

[Nexxterra]

My company almost deals exclusivly with businesses, and our sales reps in turn set up, configure, and service the accounts... so not haveing easy access to the clients password caused some issues....

[MACscr]

My company almost deals exclusivly with businesses, and our sales reps in turn set up, configure, and service the accounts... so not haveing easy access to the clients password caused some issues....

 

How so? All WHMCS admins could already log into clients whmcs accounts. The issue had absolutely nothing to do with their products.

[johannes]

some users reset their pw and forget about .. its a concern to resend them their own pw by mail or phone or internet with ipod.

its hard way.

[Division]

After reading this i think the password should be active in the welcome email ONLY.

[sgrayban]

I used the password as a verification when doing phone help. If you want to hide the password then how about adding a PIN code to be used like everyone else in the hosting business uses instead of forcing what *you* think is best.

 

The people here buy your product so that it is helpful in there business - disabling features without asking for input is straight up wrong.