Layering security to protect your data

Posted by: Stina Boge, Product Communication Manager, itslearning

itslearning updates security with the use of 2FA and increased password length

One of the top concerns organisations have about learning management systems is data security. Will sensitive information be vulnerable? Who will be able to access personal data and valuable online training resources?

At itslearning one of our main focuses is keeping your data safe and secure. As a part of this we have strengthened the password security in our platform and activated two-factor authentication (2FA) for all administrators.

Why should you improve your online account security?

Before addressing the questions “Why should you increase password length?” and “What is 2FA?”, let’s first consider why it’s important to improve your online account security. With so much of our lives taking place on systems and devices, it’s no wonder our digital accounts have become magnets for criminals. Regrettably, cyberattacks and breaches are big business – bad actors with an endless stream of sinister motives populate the internet, ready to pounce on insecure data and immature security practices.

With recent events in the world, several government agencies recognise a heightened possibility for cyber-attacks that may affect us in many ways. Malicious attacks against governments, companies, and individuals are increasingly common. Luckily, there are a few simple steps we can take to add an extra level of protection to both our professional and personal accounts. We’ll get back to those shortly.

Bad habits lead to…

Let’s face it, many of us tend to create terrible passwords and rarely change them. Today, every account, system, and device we need has its own password-creation rules, and it’s becoming increasingly difficult (maybe impossible) to keep track of all access keys. Writing down passwords, re-using the same one for all systems and using easy-to-remember words or phrases are problems that are a direct consequence of the overload of passwords we all must use on a regular basis. With too many passwords to remember, people often choose weaker ones that are less secure. So, what can we do about it?

Length and complexity increase strength

When we talk about password “strength”, we’re talking about how difficult it would be to crack your password by trying all possible combinations of characters. According to the Center for Internet Security (CIS), length is the most important aspect of a good password. Short and simple passwords can be cracked in a matter of seconds. Long and complicated ones? Trillions of years.

That’s according to a recent study by Hive Systems, a cybersecurity company which breaks down just how long it would probably take the average hacker to crack the passwords safeguarding your most important online accounts.

Adding characters to a password increases the strength exponentially, but there’s a lot more to password security than just length versus complexity. Here are some steps you can take to make sure your passwords are as strong as possible:

• Use a password manager if you can.
• Try to use a password that is at least 12 characters in length.
• Use a randomly generated password (especially if the site limits your password length).
• Avoid common words and character combinations in your password (such as the word ‘password’!), or anything associated with you that someone could find out through for example social media.
• Don’t reuse the same password on multiple systems.
• If you must remember your password, consider using a passphrase (a longer string of text that makes up a phrase or sentence).
• If you have to write your password down, keep it in a secure place, like a locked file drawer. Don’t leave it lying next to your keyboard or taped to your monitor.
• Enable 2-factor authentication if the site offers it.
• Check if your passwords have been stolen and change them if necessary. Tools such as Mozilla’s Firefox Monitor and Google’s Password Checkup can show you which of your email addresses and passwords have been compromised in a data breach so you can take action.

Updated security measures in itslearning

In the latest release of our platform, we’ve made some updates to both password requirements and two-factor login for administrators.

We have increased the minimum length of passwords, to make sure the default settings are at a secure level. Although we allow for low complexity passwords in specific circumstances, we strongly advise against it. Our recommendation will always be to have the highest complexity settings.

2FA adds an additional layer of security to your online accounts. It requires an additional login credential – beyond just the username and password – to gain account access, and getting that second credential requires access to something that belongs to you.

2FA has been enabled and mandatory for system administrators since early 2019 but is now available for all local administrators. Although this is not mandatory, we strongly encourage you to use this option. Your system administrator will receive more information about both these security measures and how to administer them for their organisations.

You can read more about Two-Factor Authentication in this article by our Data Protection Officer, John Arthur Berg.