Two-factor authentication adds an additional layer of security by introducing a second step to your login. It takes something you know (i.e.: your password), and adds a second factor, typically something you physically have (such as your phone). Since both are required to log in, in the event an attacker obtains your password two-factor authentication would stop them from accessing your account.
Why do I need it?
Passwords are increasingly easy to compromise. They can often be guessed or leaked, they usually don’t change very often, and despite advice otherwise, many of us have favourite passwords that we use for more than one thing. So Two-factor authentication gives you additional security because your password alone no longer allows access to your account.
How does it work?
Time Based One-Time passwords requires downloading an OATH application onto your smartphone or tablet, and optionally a bar-code reader. Once activated a pop-up screen will present a QR code, with optional manual code to enter into your smartphone or tablet.
Once scanned or entered, a time based one time password will appear within your OATH application providing the second form of verification used to log in.
Additionally, a backup code is presented which should be stored in the event that your smartphone or tablet is not accessible and you wish to gain access into WHMCS.
How do I enable Two Factor Authentication?
To enable Two Factor Authentication, visit https://www.whmcs.com/members/clientarea.php?action=security with your smartphone or tablet at the ready.
Click the green "Click here to Enable" button. Then follow the on-screen prompts.