How does KH protect our root password?


Game Server Specialist

In light of recent social engineering hacking at WHMCS, I would like to understand how KH protects our root password, and how requests for changing or a reset are handled.

Password reset request must be received from one out of two authorized email addresses on file.
What if the billing login is hjacked and the emails are changed?

Is there anyway to enable additional security measures?
Request authentication for password reset is done based on the email address of whoever created ticket. As for billing information - please feel free to open a ticket with the billing team to discuss this.