Enable two-factor authentication for client sub-accounts.
This is needed!!! Especially if an account holder allows for sub-accounts with full control - the sub account has their own email login and therefore should also have the option to use two step auth with time based tokens (and should be mandatory - to use time based tokens on sub-account if the primary account holder activated two-step authentication)
This definitely needs implementing asap - exactly for the reasons previously mentioned.
Yeah, actually two-factor is useless when some one can use the sub-account to login.
This is a serious security risk that needs to be addressed urgently. We must all continuously improve our security protections. This change should be implemented urgently and I would urge you to escalate it to top priority for immediate action.
Yes, this is definitely needed.
If you make 2FA mandatory for customers, sub-accounts can't login at all as they can't set up 2FA but are trapped in redirects to the 2FA page. This should be considered a bug not a feature request. Fix this please, WHMCS.
Comments have been locked on this page!