View Single Post

  Post #6 (permalink)   05-18-2016, 07:07 AM
HD Master
whmcsguru's Avatar
Join Date: May 2016
Posts: 360
Send a message via Skype™ to whmcsguru

Status: whmcsguru is offline
I wouldn't really recommend password changes, or password strength requirements, as this will just cause more security issues down the road.

As far as storing their card, don't do it directly, but go with a token based processor, such as Quantum Vault or or even stripe. Make them do the heavy lifting for you.

Adding to the above post though, let your users know somehow when they last logged in, what IP from. Why? If they don't recognize it, they'll contact you.

Make sure you store all logins for the customer. Time, date, ip, hostname. Why ? It'll make things much easier for you in the longrun.

Security questions are good, but don't make them too good. Remember, not everyone is married, dating someone, has a car, drives, has a pet. Stick with the basics, and allowing them to write their own question is always a good thing.
Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
+1 - 866-546-8914 / skype - admin_139201 / twitter/facebook - @whmcsguru