Hide service passwords and log access
We have a lot of staff that use our billing system on a daily basis and from time to time there are staff that come and go. At the moment its very easy for staff members to write down passwords or save them to a .txt file and keep them for future use and do harm if they are fired.
I think the product passwords should be hidden with a "Decrypt" button next to them and when they click on it a password box pops up asking for their WHMCS password allowing them to see the PW and it logs the fact that they have requested a password in a Password Logs section of WHMCS
We perform audits on staff activity in WHMCS and at the moment we never know who has what password, this simple feature will allow us to see an audit log of which staff member is requesting passwords. There can also be a feature in there to let us know if a staff member has requested a product/service password more than x times in a day. If its more than normal we know something dodgy is going on.
This is a nice step forward in terms of Internal / social Engineering security.