The Learnosity Author Site can now enforce two-factor authentication when users log in to help enhance the security of your Item Bank content stored with Learnosity.
If you already have two-factor authentication enabled and need help setting it up or signing in, check our guide for solving common two-factor authentication problems.
What is Two-Factor Authentication?
Two-factor authentication requires two methods of confirming a user’s identity before a user is permitted to access the Author Site. In addition to a user’s usual password (“something they know”), a user must also supply a time-based code generated by an authenticator app which is usually on their mobile phone (“something they have”). Two-factor authentication is sometimes referred to with the acronym “2FA” (2-factor authentication) or “MFA” (multi-factor authentication).
Why should you enforce Two-Factor Authentication?
Requiring your users to use two-factor authentication makes it much harder for malicious actors to access your Item bank(s) through the Author Site. The added layer of security can help prevent major incidents such as the following:
- Unauthorized access and redistribution of your Item bank content,
- Undetected, malicious changes to your Item bank content, or
- Loss of your Item bank content.
This is especially effective against phishing attacks where a malicious party may acquire a user’s password by convincing the user they are a legitimate representative of Learnosity or your own company. Even with the password, the malicious actor must also acquire and use a valid time-based code from the user’s authenticator before it expires, which is only a few minutes after it is generated.
How can Two-Factor Authentication be enforced?
You can have two-factor authentication enforced for your users when they log into the Author Site. This will require that they set up two-factor authentication and complete the additional authentication step for all future logins to the Author Site. This can be turned on by contacting Learnosity Support and can be enabled at two different levels:
By Customer Account
This level of enforcement applies to all users registered in your customer account with Learnosity. While every Learnosity customer account is unique, generally this equates to requiring all users within your company to use two-factor authentication.
By Item bank
When enforced at the Item bank level, it applies to all users with access to the configured Item Bank. This may be desired for setups where an Item bank can be accessed by multiple customer accounts, such as:
- Licensed Item banks,
- Item banks accessed by development or content creation partners, or
- Other situations where you provide 3rd party access to your Item bank(s).
This configuration can affect Learnosity users outside of your own company, and will require additional review by our support staff.