Skip to content
Day 1 Presentation

The nuts and bolts of Moodle authentication security

In a world where authentication, authorisation and identity are largely being offloaded from the end user application, how can we ensure the user is trusted when Moodle cannot leverage these tools? How can you ensure your intellectual property and specific learnings are protected from user or administrator compromise? This talk will discuss how Moodle authentication can be strengthened with a variety of measures to ensure the content on your platform is being delivered to exactly who is intended. Topics covered will be around setting up tool_mfa with a TOTP code and authenticator app, password setting and resetting with tool_passwordvalidator and tool_securityquestions, and best practices for a site security policy that can help to keep your site safe from common threats such as credential stuffing attacks.