You may notice many failed login attempts to your clients and we would like to protect them from being hacked or something like that by banning clients for failed login attempts (similar to the admin) this feature is important and useful.
[u]Vote for it.[/u]
Client Area Brute Force Protection
I wonder how WHMCS didn't implement brute force protection for client users till now,Every one can use simple brute force methods to hack in our clients passwords.Please implement this simple feature ASAP.
Login to post a comment.
2FA and Strong Passwords are enough security. Those Systems where Users banned for an time of 15 Minutes or so on are very unresponsive and makes customers angry.
Is there any reason for WHMCS *not* to implement this?
Thanks for taking the time to submit this idea and for everyone's votes.
I'd just like to take a moment to speak about the benefits of Two Factor Authentication. With two factor authentication enabled, a malicious actor cannot access a client's account - even with the genuine password. Two factor can be made mandatory for clients to login via Setup > Staff Management > Two-Factor Authentication > Force Clients option.
If using DuoSecurity for two-factor authentication, you can even temporarily prevent further authentication attempts after a certain number of failures.
Please do continue to vote and comment on this suggestion.
You can't force all clients to use 2-Factor Authentication why? simply not all clients using smartphones :)
So if we added this feature like the admin area it would be very good step and i think it's very easy to include it in a future update this will prevent anonymous clients accounts login attempts.