For end users, two-factor authentication can be a problem. It's annoying to have to use a device to access a client area. For service providers, it can be a vital additional layer of protection for users' accounts. Services like Duo can be expensive so there must be a middle ground. The vast majority of Internet users utilize dynamic IPs. That doesn't mean they change often. Usually, a user's IP will only change after their router has been rebooted. For example after a power cut. Many other users will use a VPN which is more than likely to have a fixed IP. The middle ground is therefore the user's IP address.

WSC Pro provides the ability to lock customer IP addresses to WHMCS client accounts. WSC will record the client's IP on the client's profile. Upon login by the customer, WSC checks their current IP against the WSC protect log. If the IP appears in the log the login is allowed to proceed. If the IP does not appear in the log. WSC will force Two-factor authentication. A login code is sent to the customer's email address. The code is entered to allow login and to whitelist the new IP address.