Passkey (Biometric) Security for WHMCS

Next-Generation Passwordless Authentication by eHostPK

The eHostPK Passkey Security module brings the future of cybersecurity directly to your WHMCS billing area. In an era where passwords are easily compromised, our module leverages the WebAuthn (FIDO2) protocol to allow your Clients and Admins to secure their accounts using device-native biometrics.

Whether it's Mac TouchID, iPhone FaceID, Windows Hello, or Android Fingerprint scanners, your users can now log in with a single touch—no passwords, no SMS OTPs, and no delays.

Key Benefits

• Unbeatable Security: Moving beyond traditional 2FA, Passkeys are immune to phishing and credential stuffing.
• Seamless User Experience: A lightning-fast 500ms auto-trigger prompt ensures a "Scan & Login" experience that feels native to the OS.
• Maximum Privacy: Powered by AES-256-GCM encryption, ensuring all biometric credential IDs are stored with enterprise-grade protection.

Core Features

• Passwordless Biometric Login: Full support for TouchID, FaceID, and Fingerprint sensors.
• Cross-Platform Compatibility: Works on macOS, iOS, Android, and Windows (via Windows Hello).
• Smart Multi-Session Detection: Intelligently handles separate sessions for WHMCS Admin and Client areas.
• Dynamic Identity Display: Shows Full Name ( Email ) directly on the biometric prompt for clear identification.
• Strict Security Layers: Built-in CSRF Protection and Origin Validation to prevent unauthorized API access.
• Zero Dependencies: Purely native WebAuthn implementation with no external library requirements.
• Seamless 2FA Integration: Works as a primary or secondary verification step within the WHMCS security framework.
• One-Click Registration: Effortless device linking for both staff and customers.

Technical Specifications

• Encryption: AES-256-GCM (OpenSSL)
• Standard: WebAuthn / FIDO2
• Compatibility: WHMCS 8.x & 9.x
• Installation: Simple plug-and-play module structure.