Product Updates

Security Enhancements: 2FA, Email Verification, reCAPTCHA, Password Strength and Signup Approval

7 min
Security enhancements_Blog

At LearnWorlds, we treat security requirements as a priority. We believe that it’s fundamental to offer a platform that provides the highest quality of service while at the same time doesn’t compromise on any aspect of our customers’ – and, by extension, their learners’ – security and privacy.

As we continue to work on additional features, we want to ensure that our customers are aware of every new security mechanism they can deploy to protect their online academies.

This is why, in addition to our existing security protocols, we’re introducing some new security enhancements that will help you keep your school websites safe and secure.

Strengthen your Academy Security with 2-Factor Authentication (2FA)

In our ongoing commitment to providing the highest level of security for our users, LearnWorlds is introducing 2-Factor Authentication (2FA) for all Users except School owners, available on all plans:

With 2-Factor Authentication (2FA), school admins can now activate either optional or mandatory two-step verification for all Users, or choose the desired setting per User role

How to enable and configure 2-factor authentication (2FA) for your school

To enable the setting, navigate to Site Builder → Sign in/up → LearnWorlds

2fa_settings

With 2FA enabled, when a User logs in, it is required to enter a One Time Password (OTP) received via email or an authenticator app.

This additional layer of security ensures that only truly authorized users can access their accounts, providing an extra level of protection against potential cyber threats.

2fa_method

💁 To learn more about the user experience when the 2-Factor Authentication (2FA) is enabled and discover all the available settings, please visit our Help Center article here.

Eliminate Inaccurate and Fake Addresses with Email Verification

With our new Email Verification setting, users that sign up to your school must first confirm their email address before they are allowed any access to your school.

Using this setting, you can verify that the email address registered during the signup process is accurate and up-to-date, ensuring your Learners will always receive important communication from your School — while simultaneously reducing high email bounce rates and their domino effect on deliverability.

Email Verification can be used as an extra layer of security, allowing you to ensure that only legitimate users have access to your School and its Learning Activities. By enabling it, you will prevent any malicious actor from impersonating a legitimate user using their email address without having access to that particular Inbox.

How to Enable and Configure Email Verification for Your School

To enable the setting, navigate to Site Builder → Sign in/up → Email Verification

EmailVerification_setting

You can also adjust the verification email by navigating to Settings → Notification Emails → Registration Emails → Email Verification

EmailVerification_email

How will your learners experience the email verification process?

When a new User signs up to your School, a “Verification Pending” landing page is displayed, and the User cannot navigate further into your School until the email address is verified:

VerificationPending

You can edit the copy or fully customize this landing page by navigating to:

Site Builder → Edit School Site → Manage all pages (under the System Pages group)

💁 To learn more about the user experience when Email Verification is enabled and discover additional settings and tips, please visit our Help Center article here.

Use reCAPTCHA to Eliminate Fake User Traffic and Bots

LearnWorlds now integrates with reCAPTCHA v3, a Google service offered as an out-of-the-box solution for an always-on traffic analyzer that detects fake user and bot activity that tries to access your academy’s website.

With reCAPTCHA, you can safeguard your school’s website from illicit activities like fraud and misuse while minimizing disruption to legitimate users. The underlying technology uses an advanced Risk Analysis Engine to identify malicious traffic and adaptive challenges to prevent fraudulent users and software from taking part in hostile activities on your website.

Without creating friction for your learners by forcing them to go through the tedious process of solving word and image puzzles, you can use reCAPTCHA to protect your academy’s website from any unauthorized activity, including content pilfering and scraping, fake user sign-ups, account takeovers, and credential stuffing.

What parts of your school are protected

reCAPTCHA v3 will never interrupt your learners, so you can enable it whenever you like without affecting conversion.

When enabled, reCAPTCHA will be active on:

How to enable and configure reCAPTCHA for your school

To obtain the keys needed for our reCAPTCHA integration, you must visit this link and log in to the reCAPTCHA admin console with your Google account. Then follow the steps in our support article to obtain the keys.

Go back to your LearnWorlds school in Site Builder → reCAPTCHA, copy each of the keys and paste them into the respective field:

How will your learners know that a form is protected?

When a form is visible, the reCAPTCHA icon will appear at the bottom right corner of the screen:

Strengthen Your Learners’ Account Security by Setting Strong Password Requirements

A strong password is the first line of defense against unauthorized access.

Any account with an easy-to-guess password can be hacked in seconds. To avoid account hijacking by a malicious actor who guesses or brute-force attacks one of your learners’ username and password combinations, it is imperative to ensure your learners’ passwords are strong and difficult to guess.

Starting today, we are introducing a streamlined website setting that will allow you to enable and define strong password requirements for your learners. This will ensure that user passwords are incredibly difficult to guess and remain secure.

We encourage all LearnWorlds customers to take advantage of this new setting and ensure all their users’ passwords, especially those with crucial administrative access, are as strong as possible.

How to configure password strength settings for your school

If you want to enable strong password requirements for your learners, you have to visit your School’s Admin dashboard and navigate to:

Site Builder → Site Settings → Sign in/up → Password strength

By configuring these rules, you can require your learner’s passwords to consist of either one or all of the options below:

Take Control of your School’s Gatekeeping Process Using Signup Approval

Suppose you have some specific eligibility criteria for your learners, such as when running an exclusive educational community for experts, or you wish to maintain a waitlist for admissions. You may also want to employ a screening process as an additional security measure before allowing any kind of access to your school.

In these cases, you can establish an additional gatekeeping step by enabling Signup Approval to provisionally restrict and reduce the risk of unauthorized access. The newly added Signup Approval setting is available on the Users dashboard page:

Users → Signup Approval → Setup

enable-approval-signups

Provisionally restrict access to your school

Using the new Signup Approval workflow, you will be able to provisionally restrict access and determine whether to accept or reject a learner after they complete their sign-up process.

Additionally, you can use this method to open up your school’s website for Sign-ups before any learning activities or courses are published. Newly registered users will subsequently be able to access your academy only after an admin has accepted their Sign-up request.

approval-sign-ups

How to use the Signup Approval Workflow in conjunction with sign-up and qualification forms

To collect the necessary data in order to better inform your access decisions, you can also use the Sign-up and Qualification forms.

By enabling additional Custom Fields on the Sign-up form, you will be able to gather additional information you might need from your learners.

custom-signup-fields

You also have the option to require completing the Qualification form as a mandatory step before an access request is created, further enriching the amount of information you have on hand with assets like file uploads and short recordings of audio or video before allowing access to your academy.

 

qualification-form

💡 The Signup Approval security workflow is now available on our platform!

Discover the Benefits of our Latest Security Enhancements

As cybersecurity threats become increasingly sophisticated and complex, these additional enhancements joining the suite of our existing security protocols make LearnWorlds one of the most robust and secure eLearning platforms available.

 

These enhancements will assist in preventing malicious actors from taking part in any hostile activity on your website while, on the other hand, legitimate and authorized users will still be able to create accounts, log in, make purchases or browse your website without any significant user experience friction.

Your professional looking Academy in a few clicks

Start FREE Trial
(Visited 3,422 times, 1 visits today)
Evangelos Tsintzas
Product Marketing Manager at LearnWorlds

Evangelos is a Product Marketer with experience in SaaS, B2B and B2C companies focusing on Product-Led growth and & CX Marketing. He's a Web 3.0 & Tim Berners-Lee's Semantic Web enthusiast, enjoys producing music "in-the-box" and gaming competitively.