Two-Factor Authentication (2FA) is being introduced to our LMS to provide an enhanced layer of security for all users with elevated permissions, which includes instructors and above.
Why are you adding 2FA to my site?
The Federal Trade Commission (FTC) announced significant new information security requirements for non-bank financial institutions subject to the Gramm-Leach-Bliley Act (GLBA). As part of our obligation to the GLBA requirements to secure data, we have added two-factor authentication (2FA) for our users with additional levels of access to user data.
Do I need to do anything before 2FA is introduced?
This enhancement will go live for users with elevated permissions automatically in the coming month. We recommend verifying that the email address you use to log in is correct and that you have full access to the associated email inbox so you can receive the verification code.
How often will I have to authenticate?
Users with elevated permissions will be asked to authenticate when they:
- Have not authenticated within the permission-specific timeframe:
- User Admins: 24 hours
- Instructors: 30 days
- Switch between browsers on their current device
- Access the site from a new or different device
- Access the site from a new location/IP address
- Update your username or password under User > Settings
*Note: If you have satisfied the requirements noted above but are being asked to authenticate multiple times, please clear your internet browser cache and cookies.
How long is the verification code valid after I receive the email?
The verification code is generated to send immediately after the user with elevated permissions clicks the Login or Sign In button. The code is good for ten (10) minutes from the time it is generated.
How long does it take to receive the email with the verification code?
Emails are generated and queued to send immediately upon the user signing in. It may take 1 - 3 minutes for the code to send, depending on server traffic. A new code may be generated by the user if the code is not received within the 10-minute timeframe.
If you do not see the code within the first 3 minutes after signing in, please verify that your email address is correct and that the email is not in an alternate folder, like a spam, trash, or junk folder. It may also be sorted by some email servers into other tags, so please check your email accordingly.
Can I use an old or previously received code?
No, a new code must be generated if needed. The verification code is automatically generated and will send to the user's email account as shown on the site.
Please note that if you click Send a New Code on the Verification Code pop-up box, you will need to use the new code that you will receive in a new verification code email.
I no longer have access to my current email / the email address I use to log in. What should I do?
Please update your email address on the site immediately. Our team is unable to view the codes sent and cannot resend the same verification email to you nor generate a specific verification code.
If you are unable to update your email for any reason or need to add an additional email for verification, please reach out to support.
What should I do if I don't receive the verification code?
Please do the following:
- Check your inbox again after another minute has passed. If site traffic is high, it may additional time for emails to send.
- Check your spam/trash/junk folder.
- Check your email address to ensure it is spelled correctly and that you have access to the associated email inbox.
If the above steps have not resolved the issue, please contact support.
Can I opt out of 2FA?
No, due to the GLBA requirements, you are unable to opt out of this enhancement.
If you have any questions or need help, send us a note at email@example.com!