# Two-Factor Authentication



## Jade (Aug 5, 2013)

I know WHMCS has an option for Two-Factor Authentication, like time-based one time passwords.

What are your thoughts on this? Do you think this is a secure way to add more security to your client's accounts?


----------



## zomgmike (Aug 5, 2013)

When it comes to security nothing replaces dillegence, but 2 factor authentication is a good place to start.  Hacks happen daily, but two factor authentication is a good way to ensure that even if your password gets out that you're still protected - at least long enough to change your password.

I like any security method that increases the amount of time that a hacker has to spend to get to your data, even after/if something is breached.


----------



## Jade (Aug 5, 2013)

zomgmike said:


> When it comes to security nothing replaces dillegence, but 2 factor authentication is a good place to start.  Hacks happen daily, but two factor authentication is a good way to ensure that even if your password gets out that you're still protected - at least long enough to change your password.
> 
> I like any security method that increases the amount of time that a hacker has to spend to get to your data, even after/if something is breached.


In the Time-Based One Time password that you can activate in WHMCS, if the client gets hacked and their password is breached then their still safe because it's a number password changed every 30 minutes seconds on your smart phone(iPhone, Andriod etc.)


----------



## shawn_ky (Aug 5, 2013)

Used to use RSA-IDs for two-factor authentication at several large companies. They were great until they were lost. (got expensive!)


----------



## kaniini (Aug 6, 2013)

I think the fact that WHMCS charges $1.50/month for a security feature that ultimately took them, at most, 15 minutes to integrate is deplorable.

I can see charging extra for using, for example, Yubikeys.  It makes one question the priorities at WHMCS.


----------



## Jade (Aug 6, 2013)

kaniini said:


> I think the fact that WHMCS charges $1.50/month for a security feature that ultimately took them, at most, 15 minutes to integrate is deplorable.
> 
> I can see charging extra for using, for example, Yubikeys.  It makes one question the priorities at WHMCS.


GridHostingSolutions was thinking about offering Yubikey's to all dedicated server clients at the cost of the key of course


----------



## ComputerTrophy (Aug 11, 2013)

I pay the $15 per year ($18, if you include tax rates) for 2FA with WHMCS. I'd rather be secure than sorry. It's a small investment as well.

SolusVM are also talking about 2FA.

In fact, since I'm so worried about being infected with a RAT and have my public/private keys stolen as well as my password, I use 2FA on my servers instead. http://vpsboard.com/topic/1542-linux-two-factor-authentication-with-google-authenticator-module/


----------

