Two Factor Authentication
Intro
WHMCS offers three forums of Two-Factor Authentication as of WHMCS v5.2
DuoSecurity
Once activated activation for each individual user is done in the "My Account" tab.
Time Based One-Time Passwords
Time Based One-Time passwords requires downloading an OATH application onto your smartphone or tablet, and optionally a bar-code reader.
Once activated a pop-up screen will present a QR code, with optional manual code to enter into your smartphone or tablet. Once scanned or entered, a time based one time password will appear within your OATH application providing the second form of verification used to log in.
Additionally, a backup code is presented which should be stored in the event that your smartphone or tablet is not accessible and you wish to gain access into WHMCS.
YubiKey
YubiKey creates a one time password stored within a USB drive that acts as a keyboard to your computer.
Activation and Installation details can be found at Yubico's website Here