Difference between revisions of "Two-Factor Authentication"
| Line 10: | Line 10: | ||
There are many different options available, and in WHMCS we support more than one so you have the choice. But one of the most common and simplest to use is time based one-time passwords. With these, in addition to your regular username & password, you also have to enter a 6 digit code that changes every 30 seconds. Only your token device (typically a mobile smartphone) will know your secret key, and be able to generate valid one time passwords for your account. And so your account is far safer. | There are many different options available, and in WHMCS we support more than one so you have the choice. But one of the most common and simplest to use is time based one-time passwords. With these, in addition to your regular username & password, you also have to enter a 6 digit code that changes every 30 seconds. Only your token device (typically a mobile smartphone) will know your secret key, and be able to generate valid one time passwords for your account. And so your account is far safer. | ||
| − | + | For more information on different types of two-factor authentication WHMCS supports, please refer to http://www.whmcs.com/two-factor/ | |
| − | + | ==Configuration== | |
| + | [[File:2factor1.png|thumb|Yubico Configuration]] | ||
| + | Begin by navigating to '''Setup > Staff Management > Two-Factor Authentication''' and click the "Activate" button next to the type of two-factor authentication you wish to use. | ||
| − | + | The Duo Security and TOTP options both require a subscription before they can be configured, so instead of an Activate button, you will see a '''Subscribe To Activate''' button. You can click this to be taken to the relevant signup page, once the purchase has been completed you can return to the Two-Factor Authentication page to continue the configuration process. | |
| − | + | '''Note:''' Duo Security and TOTP services are currently manually activated, so please await confirmation of activation via email | |
| + | before proceeding further. | ||
| − | + | Once activated you will be presented with a number of options, please fill these in with the account details from your welcome email. Some options are common to all auth methods: | |
| − | == | + | ===Enable for Clients=== |
| + | [[File:2factor2.png|thumb|Enable for Clients]] | ||
| + | Ticking this option will allow clients to individually enable Two-Factor Authentication of their own accord via the client area. Once activated they will need to complete two-factor authentication each time they login. | ||
| − | + | Clients activate it via the My Details page of the client area, in the default template this is located under the "Security Settings" tab. They simply click the '''Click here to enable''' button beneath the "Two-Factor Authentication" heading and follow the on-screen instructions. | |
| − | + | Should a client decide to disable two-factor authentication at a later date, they can simply click the '''Click here to disable''' button which will appear in the same location. | |
| − | + | ===Enable for Staff=== | |
| − | Once | + | [[File:2factor3.png|thumb|Enable for Staff]] |
| − | + | Ticking this option will allow staff to individually enable Two-Factor Authentication of their own accord via the admin area. Once activated they will need to complete two-factor authentication each time they login. | |
| − | + | Staff activate it via the My Account page of the admin area (link in the top-left corner of every page). They simply clickthe '''Click here to enable button''' and follow the on-screen instructions. | |
| − | + | Should a member of staff decide to disable two-factor authentication at a later date, they can simply click the '''Click here to disable''' button which will appear in the same location. | |
| − | == | + | ==Force Settings== |
| − | + | On the left hand side of the Two-Factor Authentication page are two Force Settings. Ticking these options will require clients and/or staff to configure two-factor authentication upon next login, they will be presented with a prompt showing them the two-factor authentication instructions and will not be able to proceed until registration is complete. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Revision as of 15:46, 13 March 2013
Contents
What is Two-Factor Authentication?
Two-factor authentication adds an additional layer of security by introducing a second step to your login. It takes something you know (i.e.: your password), and adds a second factor, typically something you physically have (such as your phone). Since both are required to log in, in the event an attacker obtains your password two-factor authentication would stop them for accessing your account.
Why do you need it?
Passwords are increasingly easy to compromise. They can often be guessed or leaked, they usually don’t change very often, and despite advice otherwise, many of us have favorite passwords that we use for more than one thing. So Two-factor authentication gives you additional security because your password alone no longer allows access to your account. How does it work?
There are many different options available, and in WHMCS we support more than one so you have the choice. But one of the most common and simplest to use is time based one-time passwords. With these, in addition to your regular username & password, you also have to enter a 6 digit code that changes every 30 seconds. Only your token device (typically a mobile smartphone) will know your secret key, and be able to generate valid one time passwords for your account. And so your account is far safer.
For more information on different types of two-factor authentication WHMCS supports, please refer to http://www.whmcs.com/two-factor/
Configuration
Begin by navigating to Setup > Staff Management > Two-Factor Authentication and click the "Activate" button next to the type of two-factor authentication you wish to use.
The Duo Security and TOTP options both require a subscription before they can be configured, so instead of an Activate button, you will see a Subscribe To Activate button. You can click this to be taken to the relevant signup page, once the purchase has been completed you can return to the Two-Factor Authentication page to continue the configuration process.
Note: Duo Security and TOTP services are currently manually activated, so please await confirmation of activation via email before proceeding further.
Once activated you will be presented with a number of options, please fill these in with the account details from your welcome email. Some options are common to all auth methods:
Enable for Clients
Ticking this option will allow clients to individually enable Two-Factor Authentication of their own accord via the client area. Once activated they will need to complete two-factor authentication each time they login.
Clients activate it via the My Details page of the client area, in the default template this is located under the "Security Settings" tab. They simply click the Click here to enable button beneath the "Two-Factor Authentication" heading and follow the on-screen instructions.
Should a client decide to disable two-factor authentication at a later date, they can simply click the Click here to disable button which will appear in the same location.
Enable for Staff
Ticking this option will allow staff to individually enable Two-Factor Authentication of their own accord via the admin area. Once activated they will need to complete two-factor authentication each time they login.
Staff activate it via the My Account page of the admin area (link in the top-left corner of every page). They simply clickthe Click here to enable button and follow the on-screen instructions.
Should a member of staff decide to disable two-factor authentication at a later date, they can simply click the Click here to disable button which will appear in the same location.
Force Settings
On the left hand side of the Two-Factor Authentication page are two Force Settings. Ticking these options will require clients and/or staff to configure two-factor authentication upon next login, they will be presented with a prompt showing them the two-factor authentication instructions and will not be able to proceed until registration is complete.