This WHMCS addon module provides OATH-based two-factor authentication. You'd normally use this with a mobile app, like Google Authenticator (Free, iOS / Android).
If you are logged in as an admin, client area two-factor authentication will be bypassed.
If user input the Emergency Code, the client will get new Emergency Code with same secret. Two Factor Authentication will not disabled because logging in using Emergency Code
To install, simply download the latest release, unzip it, and upload the modules folder to your WHMCS root directory. The Links are automatically created with the new WHMCS v6/v7 Client Area Menu.
Once uploaded, go to Setup > Addon Modules in your admin area and click Activate for the "OATH Two Factor Authentication" entry. Once activated, click Configure to customize your settings.
When enabling two-factor authentication for administrators, the "Yes" option will make it optional, while "Required" will require all admins to enable two-factor authentication on their next login. You must tick off the admin role permission boxes next to the roles that you want to have access to two-factor authentication.
The former developer(s) (see Credits section) haven't updated their source for about a year. Since WHMCS v6 release their module is not compatible anymore.
Since the codebase and database is exactly the same and only minimal stuff have changed, it's safe to just repeat the Installation section and overwrite the files.
Latest tested Release: WHMCS v7.1.1.
If you discover any issues or bugs, please report them on the issue tracker.
This addon was made possible by:
This module is licensed under GPLv3. See GPLv3.txt for complete license terms.