Feature Requests
Share ideas, discuss and vote on requests from other users in community
This object is in archive! 

Two-factor authentication in mobile version

Cas Eliëns shared this idea 6 years ago
Under Consideration

Right now, if a user logs in to the mobile version of WHMCS they will not be required to enter a two-factor authentication code. Even if they do have it set up in their account!

Then when the user changes the URL to the regular desktop version, they will be logged in without having to enter a two-factor authentication code.

This is a severe security flaw as it allows anyone to completely bypass two-factor authentication.