20 March 2024
What is MFA and how does it work on your LMS?
Kenny McCormack
Senior Solutions Architecht
Find out more about MFA and why it’s important for your LMS.
MFA (multi-factor authentication) or 2FA (two-factor authentication) is a way of authorising logins based on more than one method.
In other words, having a username and password is not enough to access the account. You need at least one other form of authentication to login.
When a website or system you’re using asks you to enter a verification code that is shared with you via email, SMS or an authenticator app — as well as entering your username and password — these are all examples of multi-factor authentication.
Why is MFA useful?
Increased password security
MFA provides an extra layer of security. Even if the password is compromised, that’s not enough for a hacker to be able to login. As such, it’s an extremely useful LMS password management tool and a simple but very effective way to make your LMS more secure.
Cyber Essentials compliance
Multi-factor authentication is a cyber security best practice and is a requirement for your organisation to achieve the Government’s Cyber Essentials certification. The Cyber Essentials requirements state that your organisation must “implement MFA, where available – authentication to cloud services must always use MFA”.
It may also be a requirement for your organisation to achieve regulatory compliance or meet the conditions of an insurance policy.
Greater access control
Multi-factor authentication helps you to control who has access to your LMS and the valuable information and data it holds.
The increase in security from being able to gain access using a password alone makes it far more difficult to infiltrate your learning platform.
More secure remote learning
If your users or administrators access your LMS remotely, it can be more difficult to detect suspicious logins than when everyone is using the same network.
Multi-factor authentication takes away that worry. Only genuine users will be able to login to the platform.
How to add MFA to your LMS
It’s easier than ever to introduce multi-factor authentication to your LMS. The latest versions of Totara Learn and Moodle LMS both have options to add MFA to your LMS.
In both cases, users will also require a third-party authenticator app to be able to log in. Google Authenticator and Microsoft Authenticator are both examples of authenticator apps that are free, readily available and in widespread use.
Adding MFA to Totara
To enable MFA in Totara you’ll first need to upgrade to Totara TXP 18. You will then be able to set up multi-factor authentication for your site administrator account from within Totara.
Adding MFA to Moodle
To enable MFA in Moodle LMS you’ll need to upgrade to Moodle 4.3 or later: You will then be able to choose from various options to configure multi-factor authentication for your LMS.
Ready to add MFA to your LMS?
Talk to us about enabling MFA on your LMS or upgrading to a version of your LMS that includes multi-factor authentication as standard.