YubiKey is a hardware-based two-factor authentication (2FA) device that provides an additional layer of security for accessing online platforms, including WHMCS. It generates one-time passcodes (OTP) that users must enter along with their regular login credentials. Here's how you can set up YubiKey for administrators in WHMCS:
Setting Up YubiKey for WHMCS:
-
Purchase and Set Up YubiKey:
- Acquire YubiKey devices for each administrator who will use them for authentication.
- Follow the manufacturer's instructions to set up the YubiKey for use with OTP.
-
Install YubiKey Plugin for WHMCS:
- Download and install the YubiKey plugin for WHMCS from the WHMCS Marketplace or directly from the Yubico website.
-
Configure YubiKey Plugin:
- In your WHMCS admin panel, go to "Setup" > "Addon Modules".
- Locate the YubiKey module and click "Activate".
-
Configure API Key:
- Obtain an API key from the Yubico website by creating a new Yubico account or logging in to your existing one.
-
Enter API Key in WHMCS:
- In the YubiKey module settings, enter the API key provided by Yubico.
-
Set Up Users in Yubico:
- In the Yubico admin panel, add the users who will be using YubiKey for authentication.
-
Configure User Accounts in WHMCS:
- In WHMCS, go to "Setup" > "Staff Management" > "Administrators".
- Edit the administrator accounts you want to enable YubiKey for.
-
Enable YubiKey for Administrators:
- In the administrator's profile, locate the "Two-Factor Authentication" section.
- Choose "YubiKey" and enter the Public Identity of the corresponding user in Yubico.
-
Testing YubiKey:
- Log out of your WHMCS admin panel and log in again. You should be prompted to authenticate using YubiKey.
-
Authenticate with YubiKey:
-
Insert your YubiKey into a USB port or follow the manufacturer's instructions for the specific YubiKey model you have.
-
Press the YubiKey button to generate an OTP. The OTP will be automatically entered into the authentication prompt.
-
If successful, you will gain access to the WHMCS admin area.
-
Best Practices for Using YubiKey:
-
Encourage 2FA Use: Encourage all administrators to use YubiKey for two-factor authentication.
-
Recovery Codes: Some 2FA setups provide recovery codes. Encourage administrators to store these codes securely in case they are unable to access their 2FA device.
-
Education and Training: Provide training on 2FA and its benefits to all administrators.
By setting up YubiKey with WHMCS, you add an extra layer of hardware-based security to your admin area, helping to protect sensitive information and prevent unauthorized access.