View Single Post


Old
  Post #6 (permalink)   05-18-2016, 07:07 AM
whmcsguru
HD Master
 
whmcsguru's Avatar
 
Join Date: May 2016
Posts: 360
Send a message via Skype™ to whmcsguru

Status: whmcsguru is offline
I wouldn't really recommend password changes, or password strength requirements, as this will just cause more security issues down the road.

As far as storing their card, don't do it directly, but go with a token based processor, such as Quantum Vault or authorize.net or even stripe. Make them do the heavy lifting for you.

Adding to the above post though, let your users know somehow when they last logged in, what IP from. Why? If they don't recognize it, they'll contact you.

Make sure you store all logins for the customer. Time, date, ip, hostname. Why ? It'll make things much easier for you in the longrun.

Security questions are good, but don't make them too good. Remember, not everyone is married, dating someone, has a car, drives, has a pet. Stick with the basics, and allowing them to write their own question is always a good thing.
__________________
Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
+1 - 866-546-8914 / skype - admin_139201 / twitter/facebook - @whmcsguru