Log In Without a Token

Two-Factor Authentication (2FA) enhances security by adding a second step to the login process. It combines something that you know (for example, your password) with a second factor, typically from something that you have (for example, your phone).

If you enable 2FA, users and admins will inevitably need help when their device is missing or otherwise unavailable. They can regain access to WHMCS using the backup code that they received when they configured 2FA.

What Is a Backup Code?

Users and admins all receive a backup code when they configure 2FA in WHMCS. Backup codes are 16-character alphanumeric codes consisting of four four-character segments:

A backup code for 2FA

The backup code is unique for each user or admin. There is no alternative way to access the backup code after 2FA setup is complete.

Log In Without a Token for Admins

To log in to the Admin Area using a backup code:

  1. While attempting to log in to the Admin Area, click Login using Backup Code at the bottom of the page.
    The link to click on the login page
  2. Enter your backup code.
    Entering the backup code
  3. Click Login. The system will log you in and generate a new backup code.
    Make certain that you save the new backup code somewhere safe before proceeding.
  4. Go to Account () > My Account.
  5. Click Click here to Disable next to Two-Factor Authentication.
  6. Enter your password and confirm.

This will disable 2FA for the admin and allow you to set up 2FA with a new device when you have it.

Log In Without a Token for Users

To log in to the Client Area using a backup code:

  1. While attempting to log in to the Client Area, click Login using Backup Code at the bottom of the page.
  2. Enter your backup code.
  3. Click Login.

Last modified: May 28, 2024