Intro

WHMCS offers three forums of Two-Factor Authentication as of WHMCS v5.2

DuoSecurity

Once activated activation for each individual user is done in the "My Account" tab.

At next login, DuoSecurity will prompt you for a phone number and option to receive a text or phone call. After the text or phone call is received, input the authentication code to proceed.

A second optional page at initial login will prompt to download the DuoSecurity mobile application which performs push notifications allowing you to restrict or allow access under your user from your phone.

To install, follow the installation guide and proceed. Alternatively, you can skip this step and proceed to WHMCS.

Time Based One-Time Passwords

Time Based One-Time passwords requires downloading an OATH application onto your smartphone or tablet, and optionally a bar-code reader.

Once activated a pop-up screen will present a QR code, with optional manual code to enter into your smartphone or tablet. Once scanned or entered, a time based one time password will appear within your OATH application providing the second form of verification used to log in.

Additionally, a backup code is presented which should be stored in the event that your smartphone or tablet is not accessible and you wish to gain access into WHMCS.

YubiKey

YubiKey creates a one time password stored within a USB drive that acts as a keyboard to your computer.

Activation and Installation details can be found at Yubico's website Here