Skip to main content

Security Enhancements to the Collexo Institute Portal

Introduction 

We are pleased to announce significant enhancements to the security of the Collexo Institute Portal. In our continuous effort to provide a secure and reliable user experience, we have introduced new measures that include Multi-Factor Authentication (MFA) and improved password reset capabilities.

 

Multi-Factor Authentication (MFA) Implementation

Multi-factor authentication (MFA) is a security process that requires users to provide two or more verification factors to access an account. MFA enhances protection by reducing the risk of unauthorized access.

Configurable for Institutes: 

By default, MFA will be enabled for all institutes. MFA can be enabled/disabled via Security Config.

Navigation:
Manage Account →Business Account → General Settings → Security Config.


Note : Multi-Factor Authentication (MFA) is enabled by default to enhance the security of your account and data. However, if you choose to disable MFA, please note that Collexo will not be responsible for any data breaches, unauthorized access, or security incidents that may occur as a result of this action.

Flexible Authentication Options 

Users have the option to choose authentication method as per their preference. The available authentication methods are as follows:-

  • Email OTP: This is the default authentication method for all users. Users would be required to enter the OTP that they receive in their email address.
  • Authenticator-based login: It uses an app (like Google Authenticator) to generate time-sensitive, one-time passcodes for secure access. Users need to enter the generated code to verify their identity. Here are the benefits of authenticator-based login:-
    • Authenticator apps work even when your phone is offline i.e. codes can be generated without an internet connection.
    • Unlike email-based OTPs, authenticator apps are based on something you have, i.e., your physical device, making them inherently more secure than something you know (like email credentials or passwords). 
    • Since codes are generated locally on your device and change every 30 seconds, they’re much harder for attackers to intercept or reuse.

Institute Portal Login Process:-

How to Set Up Authenticator

  1. Download an authenticator app from the Play Store or App Store (for example Google Authenticator, Microsoft Authenticator, Authy)
  2. Open the app and tap the “+” icon to add a new account.
    You’ll see two options:
    • Scan a QR code
    • Enter a setup key manually
  3. Go to your Collexo account → Click on your profile (top right) → My ProfileSecurity
  4. Turn on Login Using Authenticator toggle
  5. Scan the QR code shown on the screen using the authenticator app.
    Once scanned, your account will be added automatically, and you’ll start seeing a 6-digit code.
  6. If you can’t scan the QR code: Choose “Enter a setup key” in the app and fill in the following details:
    • Account Name: Enter the email address you login with
    • Setup Key (no spaces): Enter the setup key being shown
    • Key Type: Select Time Based as the key type
  7. After adding the account, verify the 6-digit code shown in your app in the input box to complete the setup.

You're all set! Instead of entering in email OTPs, you can now login using authenticator codes which would be generated every 30 seconds on your device.

  • Enhanced Security Measures: Appropriate rate limits have been implemented to prevent unauthorized access, further safeguarding user accounts.

Password Reset Links Enhancement

  • Users with the appropriate permissions can now send password reset links directly from the Institute portal. This feature is designed to facilitate secure and efficient account recovery for our users.

How to send Password Reset Links:

Navigation: Menu → Admin Setting → Manage Users 

  • Head over to the Manage Users page.
  • Click on the Action button against the user to whom you want to send the Password Reset Link to.
  • Click on “Send Password Reset Link”
  • An email containing the Password Reset Link would be sent to the user.

These updates reinforce our commitment to maintaining the highest standards of security and providing you with a robust, user-friendly experience on the Collexo Institute Portal.

Was this article helpful?