Feature Requests
Share ideas, discuss and vote on requests from other users in community
 
This object is in archive! 

Better Search Feature, Ask client for security & Few ideas

No Thank You shared this idea 6 years ago
Under Consideration

There are some singlar ones but not one of our main requirements. So thought I'd start a new one aiming at all things we require as a Hosting business industry.

We need the Admin Search tool to work with:

- Order Numbers [They say if you have any questions tell us the order number, we can't search it on whmcs, we'd have to go to orders > list orders. I personally believe it would be nice for us to search it in once place on the whmcs.]

- Transaction IDs [A client says my transaction ID is: 0000000 we can just search it and pull up the account]

=================================================

Customer Security:

On sign-up, ask the client if they would like to setup Two Factor Authorization or if they wish to skip it.

==================================================

Administrator Security:

Sometimes administrators can't log in, and or lost their backup code or removed it from their phone by mistake, this leads to being locked out completely. On clients we can turn if off for them, this I believe is a must for Administrators but can only be done by the Two-Factor Authentication of the user editing the account.

=======================================

Customer Account Two Factor Auth Security:

Some WHMCS customers want to prevent authorization for all admins to see / edit the customer account, why don't we have this system where Full Admins can see the accounts / edit them, however they must use either their Two-Factor Authentication code.

If they aren't a Full Admin, they must get a code from the customer, they go to a page like: https://whmcs.com/members/verifyaccount.php. They then enter their Postcode and Security Answer with a code sent to the email address on record. If they have Two-Factor Authentication enabled they can just enter that code to get a Verfication code for the Administrator.

The administrator then enters that code with their Two-Factor Authentication. After confirmation they can edit the account.

This must be a on / off feature on the Two-Factor Authentication page.

I hope people like with my ideas :)

Comments (1)

photo
1

You have come up with some great options, I do feel though that sensitive client data should be behind an authentication process, i dont know maybe ask for so many characters from their pin, or certain set of characters that is chosen by the system at the time of access.

I can see why this might be troublesome in some cases, but i think my addition onto your two factor might very well be something that could work, What i mean is, i would love to think we can trust all employees but sadly this is just not the case, i think it would be better to take a couple of small precautionary steps for all employees than risk unchecked unrestricted access to a rogue employee.