Feature Requests
Share ideas, discuss and vote on requests from other users in community
 

Hide service passwords and log access

ausandrew shared this idea 5 years ago
Under Consideration

We have a lot of staff that use our billing system on a daily basis and from time to time there are staff that come and go. At the moment its very easy for staff members to write down passwords or save them to a .txt file and keep them for future use and do harm if they are fired.

I think the product passwords should be hidden with a "Decrypt" button next to them and when they click on it a password box pops up asking for their WHMCS password allowing them to see the PW and it logs the fact that they have requested a password in a Password Logs section of WHMCS

We perform audits on staff activity in WHMCS and at the moment we never know who has what password, this simple feature will allow us to see an audit log of which staff member is requesting passwords. There can also be a feature in there to let us know if a staff member has requested a product/service password more than x times in a day. If its more than normal we know something dodgy is going on.

This is a nice step forward in terms of Internal / social Engineering security.

Comments (12)

photo
1

+1 for this feature also :)

photo
1

Or even better, just don't save the passwords! If people forget their password they'll just have to change it. Showing passwords is the most ridiculously retarded thing I've ever seen on websites. Even more ridiculous for an automation software used by so many!

photo
1

How this is still allowed is beyond comprehension.