Moodle Authentication is a process whereby individuals are allowed to confirm that they are whom they claim to be.
Moodle Authentication Methods
This is based on knowledge that is on something which a person knows. It includes use of PIN codes and passwords and is usually implemented on the HTML platform. In this format, the supplied data is normally supplied to HTTP/S to a respective server where it is processed. HTTP is a networking protocol which is used in the transfer of content on websites. HTTPS is a secure protocol of HTTP which ensures that any communication that takes place in a network is secure and that no one can tamper with it. HTTPS is mostly used when making payments or doing transactions where money is involved or sensitive information is involved.
In this authentication procedure; users are supposed to enter their usernames and passwords. This information is entered into the fields which are supplied on a login form. After entry the user is supposed to press the login icon which sends data to Moodle for further processing. If the provided credentials are correct, it will open and if not correct it will not login.
This mode of authentication is prone to attacks and this is based on weaknesses associated with login. This may be due to weak passwords and weak passwords are usually short, use of names or dictionary names, use of the same password as the username or use of predefined values. Weak passwords are passwords which can easily be guessed. Platforms with weak passwords are normally subject to attacks using brute force login methods.
In this respect therefore, it is highly recommended that good passwords are enforced, implement a password policy as this will be a sure way of authenticating logins of users and at the end of it all security is guaranteed. Other measures which must be taken into consideration include protection of the user logons. Password change is another measure which must be used in Moodle authentication whereby new users are allowed to change their passwords especially when accessing their user profiles.
Recovery of Usernames and Password
The best Moodle authentication platforms must allow users to recover their lost usernames or passwords. It is common to lose passwords or usernames and there must be a procedure of resetting passwords or getting usernames. In such a scenario, users are presented with a form where they can enter emails or user names or required information. If the username exists in the database, then the user will be allowed to reset his or her password. If the user name is not found in the database, then users will be alerted that it does not exist. This is an important feature as it helps in determining valid emails or usernames and at the end of it all, security will be guaranteed.
User Profiles Security
All user accounts have profiles and it is a set of information that relates to that particular user. This information may include their postal address, zip code, telephone numbers, and associated email address among others. All authentication plugins have the potential to hold user fields. The profile is always open for users to edit wherever they wish to. It is worth to note that this configuration is only correct if the Moodle itself is authentic. However, this may vary depending whether you are dealing with internal or external users. In some instances when dealing with external users, fields filed may be locked not unless they are empty.
Moodle authentication can also be accomplished by the use of something that people or users have. This can be a phone or a security token. This same procedure is used in authenticating login platforms. In this, when users are making their profiles, there is a provision where they are requested to supply their phone numbers. Before the whole procedure is successful, users are supplied with codes which they use in verifying that they are the true owners of the phone numbers provided.
After verification, the profile is set up. In the event that users forget their passwords or usernames, a verification code is usually sent to their phone numbers upon request. By entering the verification code, then they are able to access their accounts. If a user loses his or her phone number, then they will not be able to get the verification codes which may not allow them to use their accounts for that matter. If a profile is created from another country and you move to another one whereby you may not be able to access the services of the network provider that you used in opening your account, it is then difficulty to access the account if you forget your password or username.
It becomes difficulty to authenticate your details for instance if they need to send a code to your phone. However, there is always more than one option at the disposal of users. Either an email or a phone number can be used in authenticating user information.
This is another method which can be used in Moodle authentication. In this, authentication uses what one is for example the use of fingerprints, certain biometric features or identifiers and even signatures. The fingerprints of one person can never be the same as those of the other person thus forming one of the best authentication procedures which can be used in Moodle.
The same case applies with biometric identifiers. They are unique from one person to the other and in this case form a basis for Moodle identification. In this case users will be allowed to use their fingerprints to verify themselves. It is a secure manner of verification as compared to many others available. In case of signatures for instance, they must be handled with care as some people may interfere with them which in the long run may affect their use. Signatures must be handled with utmost care and consideration in Moodle authentication as they may be subject to manipulation.