Here’s one simple way we make your content more secure

Read Time 3 Mins
Product
Updates & Product Tips

In the online world, how can you be sure that someone really is who they say they are?

This isn’t a philosophical conundrum, but a practical consideration when designing web security. Learnosity’s Admin Applications team asked itself the same question while working to provide more protection for our Author Site.

From the get-go, the team knew the solution needed was adding another layer of authentication upon login.

Authentication, which is the process of confirming that a user is who they claim to be, can be done through many general methods called “factors”.

Some common factors include asking users to provide something they know (like a PIN or password), something they have that’s unique to them (like a mobile phone or other physical object), something they are (like a fingerprint or other biometrics), and even information about somewhere they are.

Most people will be familiar with using a single factor when authenticating online: a password, which is something you know. Two-factor authentication, or 2FA, adds an extra factor to this.

Some common factors include asking users to provide something they know (like a PIN or password), something they have that’s unique to them (like a mobile phone or other physical object), something they are (like a fingerprint or other biometrics), and even information about somewhere they are.

For example, you’ve probably seen many sites now asking you to use your mobile phone as a second factor – something you have.

Using a credit or debit card at a physical store is another common example of 2FA. Generally you need to have the physical card or an app that acts as your card (something you have), as well as a 4+ digit PIN (something you know) to verify that you’re the actual cardholder.

This is the tried-and-tested security process of 2FA, which Learnosity now allows you to enforce upon login to its Author Site.

When developing our new 2FA feature on the Author Site, we spent a good chunk of time researching our options. Ultimately, we decided to follow our own advice and work with tools that are designed to do the heavy lifting for us.

Buying this feature allowed us to follow the common security practice of relying on existing solutions that are well vetted, instead of trying to build our own from scratch. Thanks to these decisions, our 2FA is backed by services with SOC 2 and ISO privacy and security certifications.

Three people stand in front of ATMs.
You use 2FA every time you withdraw money from an ATM.

Why increase Author Site security?

Learnosity’s Author Site lets customers create, edit, and manage the items and activities saved in their item banks. For many businesses this content is important intellectual property and, in some cases, even a major source of direct income.

Requiring 2FA in order to access this content through the Author Site adds an extra layer of security for these important assets.

Not using 2FA makes it easier for malicious actors to access item bank information using a user account with a compromised password. This could result in major issues like:

  • Unauthorized access to and redistribution of your item bank content.
  • Undetected, malicious changes to your item bank content.
  • Loss of your item bank content.
Not using 2FA makes it easier for malicious actors to access item bank information using a user account with a compromised password. Click To Tweet

The growing need for 2FA

Enforcing 2FA for Author Site users makes it significantly more difficult for attackers to access your content, even if they’re able to somehow acquire your user password.

Learnosity’s 2FA implementation helps protect against compromised passwords because the second factor is an unpredictable time-based code, which is only valid for a few minutes and can only be used once.

It would be very difficult for an attacker to pass both factors of authentication. And because of the one-time nature of the code, the same information cannot be re-used for future attacks.

A masked hacker attempts a cyber attack.
“It would be very difficult for an attacker to pass both factors of authentication. And because of the one-time nature of the code, the same information cannot be re-used for future attacks.”

One of the top cybersecurity threats of the last few years is phishing – the use of deceptive emails or other means of communication to convince users to share their personal information like passwords. Generally, this is done through imposture with the attacker pretending to be a legitimate entity, like an admin member of your bank or a customer support agent from Amazon or eBay.

These attacks are constantly growing more sophisticated and harder to detect. Because of this, many of our customers have asked for two-factor authentication wherever possible in order to protect both their employees’ information and their business assets.

One of the top cybersecurity threats of the last few years is phishing – the use of deceptive emails or other means of communication to convince users to share their personal information like passwords. Click To Tweet

How to switch on 2FA

2FA can be turned on at either the customer or item bank level and is done by contacting Learnosity Support.

Read more about enforcing 2FA on the Author Site in our Enforcing Two-Factor Authentication Author Guide article.

Images courtesy of Chris Barbalis, Yunming Wang, & Nahel Abdul Hadi | Unsplash.

Tyler Nienhouse

Software Engineer

More articles from Tyler

Let’s make it official

Get behind the scenes at Learnosity with quarterly insights, inspiration, and updates.