Note You may not have access to this function because it is currently in beta stage of development, that means it is undergoing testing and feedback by clients involved in our beta programme.
Two Factor Authentication (2FA) provides an additional layer of protection for your data. 2FA is more secure because in order to gain access to your LMS account, a hacker would need two authenticating factors:
- Know your username and password, and
- Have access to either your mobile phone or email account.
Note 2FA Passcode from user’s email is ON by default.
How it works
When a user successfully signs into the LMS with a username and password, we store some information about the secure device they are using so we can identify it. If the user signs in on a different device, 2FA is triggered and the user is asked for a security passcode. Depending on the 2FA option chosen, a one-time passcode is generated by:
- An Authenticating app on the user’s mobile phone or
- An SMS message sent to the user’s mobile phone or
- A message sent to the user’s email address.
The user enters the passcode into the LMS, it is checked and if OK the user is granted access. Information about the new secure device is stored.
The user will not be asked for a passcode again unless they sign in on a different device.
Note Changes to a secure device, such as software upgrades, changes to browser settings or IP addresses may also trigger 2FA.
Options available
Passcode from user’s mobile phone - Recommended
This option is very flexible and only works for those users who have set up their mobile phone under 2FA devices in their profile. This means, for example, you can tell just your admins to use it, or only users who are working from home and it won’t affect any other users.
Note This option is only available for users that require passwords (all admin accounts require a password). To make this option available to learners, enable password protected sign in.
Note This option operates after users have entered Authenticator app or SMS details into their profile.
Passcode from user’s email - Less secure
This option automatically applies to all your users, and is effective immediately. It sends the security passcode to the user's email address.
Off - Not recommended
This option turns 2FA off and your LMS security relies on usernames and passwords remaining secure.
Caution iHasco strongly recommends you enable 2FA to secure your data.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article