Introduction

Your school's Eduka platform has several features that allow you to strengthen the security of your user account against attack attempts on the 1st level of authentication, i.e. access to the account by entering your login and password:

• brute force attack,
• dictionary attack
• man-In-The-Midle (MITM) attack
• phishing (e-mail) / quishing (QR code) /smishing (SMS) attacks

• Sent by e-mail
• Generated on a smartphone, tablet or computer application
• Or sent by SMS, if this method has been activated after configuration by the establishment

Activating strong authentication in Eduka

To activate it, you need to access your account settings and click on "Double authentication". Double authentication" :

Then select the operating mode you wish to activate:
In the screenshot below, the option " Token authentication in the screenshot below, the "Token authentication" option is shown via a third-party application. The principle is to download an application (e.g. Google Authenticator; Microsoft Authenticator, FreeOTP Authenticator, Authy, OTP Auth, etc.), and then select "Authentication by token". a list of compatible standard applications by operating system for this token-based strong authentication system integrated into Eduka Suite is available when the feature is activated).
The application collects the secret key either automatically by scanning the QR code, or manually, which requires you to collect and enter the secret key displayed in Eduka into the authentication application (see below).

Your device will then be able to generate a temporary 6-digit " OTP "(One Time Password) validation code (token) valid for between 30 and 60 seconds, depending on the authentication application chosen.this temporary validation code must be entered in the 'Validation Code' field on the Eduka strong authentication page to enable the system to validate the token and then connect the user to his or her Eduka account.

This OTP token-based strong authentication system is based on a widely-used standard available on many web sites and applications, including banking systems. It guarantees optimum security for users: a hacker who discovered a user's login and password by any means could not connect to the account, as he would not have the secret key enabling a temporary validation code to be generated for him.

To give you the freedom to define the level of security you require, you can select an option so that this code is requested: at each connection, every day, every 3 days, 7 days, 15 days, 30 days, or 60 days. The less frequently you enter the code, the greater the security of your account. Think about this when you activate strong authentication on your Eduka account.

Anti-bruteforce protection measures on strong authentication (2FA)

Since summer 2024, technical and preventive security measures have been reinforced for all Eduka platforms.
In our case, the measure concerns the protection of user accounts on each Eduka platform against brute-force hacking attempts on the temporary validation codes for strong authentication (2FA):

1. Unsuccessful attempts to connect using strong authentication are tracked in Eduka and remain available for consultation for 30 days in the user's detailed activity (Configuration Module > Users menu)
2. Addition of a one-second latency between 2 strong authentication attempts (protection against simultaneous strong authentication attempts)
3. Eduka account blocked for 1 hour when the user makes 5 successive unsuccessful authentication attempts.
4. An automatic e-mail (see message template below) is sent to the user to inform him/her that, after 5 successive unsuccessful attempts at strong authentication, his/her account is temporarily closed for 1 hour.