Activating and Using Two-Factor Authentication for Admin Users
Activation
To activate Two-Factor Authentication for a WHMCS installation, follow the steps below:
1. Log in to your WHMCS Administration Area.
2. Navigate to Configuration > System Settings > Two-Factor Authentication (Setup > Staff Management > Two-Factor Authentication in WHMCS 7.10 and earlier).
3. Click Activate under the service that you would like to enable (for example, Time Based Tokens).
4. Select one or both of Enable for use by Clients and Enable for use by Administrative Users.
5. Click Save.
These steps can be repeated for each service that you would like to enable.
Some extra steps are required to configure the DuoSecurity and YubiKey methods. Details are in our documentation: https://docs.whmcs.com/Two-Factor_Authentication#DuoSecurity
Administrator users can now start using Two-Factor Authentication for their accounts.
Usage
The following steps demonstrate how Admin Users can set up Two-Factor Authentication on their account using the Time Based Tokens service:
1. From the Admin Area, navigate to Account > My Account (My Account in WHMCS 7.10 and earlier).
2. Toggle Two-Factor Authentication to On.
3. Select Time Based Tokens.
4. Click Get Started.
5. Scan the QR code with an authenticator app such as Google Authenticator or Duo Mobile.
6. Enter the 6-digit code that the authenticator app generates.
7. Click Submit.
8. Record the Backup Code in a safe place.
9. Click Close.
Two-Factor Authentication is now set up for this administrator, and will be required when they log in in the future.
Staff can also be forced to configure Two-Factor Authentication on their next login.