Time-Based Tokens

Time-based tokens, also known as time-based one-time passwords (TOTP), are a form of two-factor authentication (2FA) commonly used for securing access to online accounts, including WHMCS. TOTP generates a unique, time-limited code that users must enter along with their regular login credentials.

Here's how you can set up time-based tokens (TOTP) for administrators in WHMCS:

  1. Log into WHMCS:

    • Access your WHMCS admin panel using your username and password.

  2. Navigate to Administrator Management:

    • Go to "Setup" > "Staff Management" > "Administrators."

  3. Edit Administrator User:

    • Select the administrator user for whom you want to enable time-based tokens and click "Edit."

  4. Enable Two-Factor Authentication:

    • In the administrator's profile, locate the "Two-Factor Authentication" section.

  5. Select Time-Based Tokens:

    • Choose the "Time-based Tokens (TOTP)" option.

  6. Set Up Time-Based Tokens:

    • The administrator will need to set up a TOTP application on their mobile device. Popular TOTP apps include Google Authenticator, Authy, and Microsoft Authenticator.

  7. Scan the QR Code:

    • In the TOTP app, the administrator will need to scan the QR code displayed in WHMCS. This links the app to their WHMCS account.

  8. Enter the Generated Code:

    • After scanning, the TOTP app will generate a one-time code. The administrator should enter this code into the "Token Code" field in WHMCS.

  9. Save Changes:

    • Click the "Save Changes" button to apply the TOTP settings.

  10. Logging In with TOTP:

    • When the administrator logs in, they will enter their username and password, followed by the current TOTP code generated by their app.

  11. Access Granted:

    • If both the password and TOTP code are correct, the administrator will gain access to the WHMCS admin area.

Best Practices for Using Time-Based Tokens:

  • Encourage 2FA Use: Encourage all administrators to enable 2FA with time-based tokens for their accounts.

  • Recovery Codes: Some TOTP setups provide recovery codes. Encourage administrators to store these codes securely in case they are unable to access their TOTP device.

  • Education and Training: Provide training on 2FA and its benefits to all administrators.

By enabling time-based tokens (TOTP) for administrators, you enhance the security of your WHMCS admin area, protecting sensitive information and preventing unauthorized access.
