View Single Post


Old
  Post #6 (permalink)   05-18-2016, 07:07 AM
whmcsguru
HD Master
 
whmcsguru's Avatar
 
Join Date: May 2016
Posts: 285
Send a message via Skype™ to whmcsguru

Status: whmcsguru is offline
I wouldn't really recommend password changes, or password strength requirements, as this will just cause more security issues down the road.

As far as storing their card, don't do it directly, but go with a token based processor, such as Quantum Vault or authorize.net or even stripe. Make them do the heavy lifting for you.

Adding to the above post though, let your users know somehow when they last logged in, what IP from. Why? If they don't recognize it, they'll contact you.

Make sure you store all logins for the customer. Time, date, ip, hostname. Why ? It'll make things much easier for you in the longrun.

Security questions are good, but don't make them too good. Remember, not everyone is married, dating someone, has a car, drives, has a pet. Stick with the basics, and allowing them to write their own question is always a good thing.
__________________
WHMCS Guru - WHMCS addons, management, support and more.
WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to your WHMCS install!
WHMCS User and IP Extended Control - Take control of your WHMCS install
Linux admin, WHMCS Guru for hire. PM me for more information