Time-based tokens, also known as time-based one-time passwords (TOTP), are a form of two-factor authentication (2FA) commonly used for securing access to online accounts, including WHMCS. TOTP generates a unique, time-limited code that users must enter along with their regular login credentials.
Here's how you can set up time-based tokens (TOTP) for administrators in WHMCS:
- Log into WHMCS: Access your WHMCS admin panel using your username and password.
- Navigate to Administrator Management:
  - Go to "Setup" > "Staff Management" > "Administrators."
- Edit Administrator User:
  - Select the administrator user for whom you want to enable time-based tokens and click "Edit."
- Enable Two-Factor Authentication:
  - In the administrator's profile, locate the "Two-Factor Authentication" section.
- Select Time-Based Tokens:
  - Choose the "Time-based Tokens (TOTP)" option.
- Set Up Time-Based Tokens:
  - The administrator will need to set up a TOTP application on their mobile device. Popular TOTP apps include Google Authenticator, Authy, and Microsoft Authenticator.
- Scan the QR Code:
  - In the TOTP app, the administrator will need to scan the QR code displayed in WHMCS. This links the app to their WHMCS account.
- Enter the Generated Code:
  - After scanning, the TOTP app will generate a one-time code. The administrator should enter this code into the "Token Code" field in WHMCS.
- Save Changes:
  - Click the "Save Changes" button to apply the TOTP settings.
- Logging In with TOTP:
  - When the administrator logs in, they will enter their username and password, followed by the current TOTP code generated by their app.
- Access Granted:
  - If both the password and TOTP code are correct, the administrator will gain access to the WHMCS admin area.
Best Practices for Using Time-Based Tokens:
- Encourage 2FA Use: Encourage all administrators to enable 2FA with time-based tokens for their accounts.
- Recovery Codes: Some TOTP setups provide recovery codes. Encourage administrators to store these codes securely in case they are unable to access their TOTP device.
- Education and Training: Provide training on 2FA and its benefits to all administrators.
By enabling time-based tokens (TOTP) for administrators, you enhance the security of your WHMCS admin area, protecting sensitive information and preventing unauthorized access.