What is Two Factor Authentication (Beta)

Created by Michael Walsh, Modified on Fri, 16 Feb at 10:00 AM by Amanda Lowndes

Note You may not have access to this function because it is currently in beta stage of development, that means it is undergoing testing and feedback by clients involved in our beta programme.        

Two Factor Authentication (2FA) provides an additional layer of protection for your data. 2FA is more secure because in order to gain access to your LMS account, a hacker would need two authenticating factors:

  1. Know your username and password, and 
  2. Have access to either your mobile phone or email account.

        


Note 2FA Passcode from user’s email is ON by default.   

How it works

When a user successfully signs into the LMS with a username and password, we store some information about the secure device they are using so we can identify it. If the user signs in on a different device, 2FA is triggered and the user is asked for a security passcode. Depending on the 2FA option chosen, a one-time passcode is generated by:

  • An Authenticating app on the user’s mobile phone  or
  • An SMS message sent to the user’s mobile phone  or 
  • A message sent to the user’s email address.

The user enters the passcode into the LMS, it is checked and if OK the user is granted access. Information about the new secure device is stored. 

The user will not be asked for a passcode again unless they sign in on a different device.

       

Note Changes to a secure device, such as software upgrades, changes to browser settings or IP addresses may also trigger 2FA.      

Options available

Passcode from user’s mobile phone - Recommended

This option is very flexible and only works for those users who have set up their mobile phone under 2FA devices in their profile. This means, for example, you can tell just your admins to use it, or only users who are working from home and it won’t affect any other users.  

       

Note This option is only available for users that require passwords (all admin accounts require a password). To make this option available to learners, enable password protected sign in

Note This option operates after users have entered Authenticator app or SMS details into their profile.

      

Passcode from user’s email - Less secure

This option automatically applies to all your users, and is effective immediately. It sends the security passcode to the user's email address.



Off - Not recommended

This option turns 2FA off and your LMS security relies on usernames and passwords remaining secure.

       

Caution iHasco strongly recommends you enable 2FA to secure your data.

      

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article