This is needed!!! Especially if an account holder allows for sub-accounts with full control - the sub account has their own email login and therefore should also have the option to use two step auth with time based tokens (and should be mandatory - to use time based tokens on sub-account if the primary account holder activated two-step authentication)
This is a serious security risk that needs to be addressed urgently. We must all continuously improve our security protections. This change should be implemented urgently and I would urge you to escalate it to top priority for immediate action.
If you make 2FA mandatory for customers, sub-accounts can't login at all as they can't set up 2FA but are trapped in redirects to the 2FA page. This should be considered a bug not a feature request. Fix this please, WHMCS.
Is there any update on this? It kind of defeats the purpose of 2FA if the sub-accounts can't have it enabled. Kind of like Putting bolts on the door but leaving your windows open.
I like this idea
This is needed!!! Especially if an account holder allows for sub-accounts with full control - the sub account has their own email login and therefore should also have the option to use two step auth with time based tokens (and should be mandatory - to use time based tokens on sub-account if the primary account holder activated two-step authentication)
This definitely needs implementing asap - exactly for the reasons previously mentioned.
Yeah, actually two-factor is useless when some one can use the sub-account to login.
This is a serious security risk that needs to be addressed urgently. We must all continuously improve our security protections. This change should be implemented urgently and I would urge you to escalate it to top priority for immediate action.
Yes, this is definitely needed.
If you make 2FA mandatory for customers, sub-accounts can't login at all as they can't set up 2FA but are trapped in redirects to the 2FA page. This should be considered a bug not a feature request. Fix this please, WHMCS.
This is crazy there is a bug that redirects to 2FA page if you are a contact! Must FIX!!
Is there any update on this? It kind of defeats the purpose of 2FA if the sub-accounts can't have it enabled. Kind of like Putting bolts on the door but leaving your windows open.
I don't understand why this was left out in the first place. It makes no sense.
+1
This is a big security issue. Otherwise, why bother offering 2FA at all?
How is this not implemented already?
Comments have been locked on this page!