The security of our client's content, implementation, and employee data is important to us. Learnosity recommends all clients opt-in to two-factor authentication to enhance the security of your data stored with Learnosity.
If you already have two-factor authentication enabled and need help setting it up or signing in, check our guide for solving common two-factor authentication problems.
What is Two-Factor Authentication?
Two-factor authentication requires two methods of confirming a user’s identity before a user is permitted to access Learnosity sites (Author site and Console site). In addition to a user’s usual password (“something they know”), a user must also supply a time-based code generated by an authenticator app which is usually on their mobile phone (“something they have”). Two-factor authentication is sometimes referred to with the acronym “2FA” (2-factor authentication) or “MFA” (multi-factor authentication).
Why should you enforce Two-Factor Authentication?
Requiring your users to use two-factor authentication makes it much harder for malicious actors to access your Item bank(s) through Author Site. As Console Site hosts critical implementation information, two-factor authentication protects clients solely using the Author API as well.
The added layer of security can help prevent major incidents such as the following:
- Unauthorized access and redistribution of your Item bank content,
- Undetected, malicious changes to your Item bank content,
- Disclosure of your team's Learnosity account information, or
- Unauthorized access to your Learnosity implementation and data stored in the responses database
This is especially effective against phishing attacks where a malicious party may acquire a user’s password by convincing the user they are a legitimate representative of Learnosity or your own company. Even with the password, the malicious actor must also acquire and use a valid time-based code from the user’s authenticator before it expires, which is significantly more difficult given the code changes every minute.
We highly encourage all clients using Console site to adopt 2FA, but this is particularly important for clients with high-stakes testing content, or item bank content that is a key part of your value proposition.
What will Two-Factor Authentication change?
Your users will need to register for two-factor authentication, and enter the one-time code in their authenticator app for all subsequent logins to Learnosity sites.
Author Site and Console Site use the same instance in your authenticator. This means you only need to register for two-factor authentication once. For more information, see What code do I use to login to Console site?
How can Two-Factor Authentication be enforced?
Two-factor authentication can be turned on by contacting Learnosity Support and can be enabled at two different levels:
By Customer Account
This level of enforcement applies to all users registered in your customer account with Learnosity. While every Learnosity customer account is unique, generally this equates to requiring all users within your company to use two-factor authentication.
By Item bank
When enforced at the Item bank level, it applies to all users with access to the configured Item Bank. This may be desired for setups where an Item bank can be accessed by multiple customer accounts, such as:
- Licensed Item banks,
- Item banks accessed by development or content creation partners, or
- Other situations where you provide 3rd party access to your Item bank(s).
Any user with access to this item bank will be required to use two-factor authentication on both Author Site and Console Site, even if they do not have item bank management privileges on Console.
This configuration can affect Learnosity users outside of your own company, and will require additional review by our support staff.