Time Based Tokens

                    

Time Based Tokens work with any OATH software, such as Authy (Android & iOS), Google Authenticator for Android, or Apple’s OATH Token App.


Once activated, users will be required to provide a second form of authentication that only they have access to. This authentication comes in the form of a 6-digit passcode that expires every 30 seconds.

             

How does it work?

                                     

On their first sign-in after Token Based Two-Factor Authentication is activated, users will be presented with a QR code to scan using their smartphone or tablet. Once it is scanned, their device stores what it needs to generate passcodes for authenticating to your WHMCS installation.


Every 30 seconds, their OATH application of choice generates a new 6-digit code, which is used as the second form of authentication when logging in to your application.

           

Why do I need this?

Many individuals tend to use the same password for all of their login points. If a malicious user gains access to one login belonging to you or your staff, they could potentially gain access to all other login-required sites.

Two-Factor Authentication puts a stop to that by requiring users who successfully log in with a user & password combination to use a physical device they possess for further verification.



What are the 2FA apps?


Authy - We recommend this app (FYI, this is not paid marketing). With Authy’s multi-device functionality, your 2FA tokens automatically sync to any new device you authorize and, if a device is lost, stolen, or retired, you can de-authorize it from any authorized device just as quickly. Since Authy is available for Android and iOS mobile devices, and for Windows, Apple Watch, and even your desktop, you can use Authy to stay protected from all devices simultaneously.


Absolutely free!


Authy Android | Authy iOS


Google Authenticator - Built by Google (of course!). Basically the same as Authy but with no multi-device functionality, which means that if you change devices, you will need to redo the authentication setup for all your applications/platforms. If you are very concerned about multi-device sync, then Google Authenticator is the best choice for you.

Google Authenticator Android | Google Authenticator iOS

There are others such as Microsoft Authenticator, DUO Security, and LastPass Authenticator.