TivroPassKeys brings biometric passkey authentication to your WHMCS client area. Face ID, Touch ID, Windows Hello — one tap to sign in.
A complete passkey system built specifically for WHMCS — with zero compromises.
Face ID, Touch ID, Windows Hello, Android fingerprint — any FIDO2-compatible authenticator works instantly.
Optionally allow password login as a fallback so clients are never locked out. Configurable per your policy.
When a passkey isn't available, clients receive a one-time code via email to complete login securely.
Require OTP verification when a client logs in from a new IP or unrecognized device for extra security.
Choose from 12 pre-built button styles or use the custom color picker to match any WHMCS theme perfectly.
Built-in brute force protection with configurable rate limits per IP and per client account.
Alert clients when a new passkey is registered, removed, or when suspicious login activity is detected.
Works on every WHMCS login URL — /login, ?rp=/login, login.php — any theme.
Full activity log of every passkey event — registrations, logins, revocations, and suspicious activity.
Upload the addon to your WHMCS modules folder, activate it in the admin panel, and enter your license key. Done in under 2 minutes.
Choose your authentication policy — require passkeys, allow fallbacks, set step-up triggers, pick your button theme. Full control.
Clients register their device once from their account page. From then on — one tap with Face ID or fingerprint to sign in.
12 pre-built styles plus a custom color picker. The button fits seamlessly into any design.
Passkeys use public-key cryptography. Your client's secret never leaves their device.
Passkeys are cryptographically bound to your domain. Fake login pages can't steal them.
Built on the W3C WebAuthn standard — the same technology used by Google, Apple, and Microsoft.
Every passkey event logged with IP, timestamp, and device info. Full accountability.
Manage every aspect of passkey authentication from a clean WHMCS admin interface.
Enable or disable passkeys site-wide instantly without touching any code.
Require passkeys, allow fallbacks, set OTP policies — all toggle switches.
12 themes + custom color picker. Live preview before saving.
See all registered passkeys per client. Revoke any credential with one click.
Full event log with filters. Export or review any authentication event.
POST security events to Discord, Telegram, or any JSON endpoint.
Give your WHMCS clients the login experience they deserve. Fast, secure, modern.
Get TivroPassKeys — $14.99