Your school's platform has several features that allow you to enhance the security of your user account. For example, opt for strong authentication for an optimal guarantee of security. The principle is as follows: when you connect to the platform, you will be asked for a temporary code in addition to your usual login and password. The temporary code can be :

• Either sent by e-mail
• Either generated on a smartphone, tablet, or computer application

To activate it, you must access its account settings and click on "Strong Authentication" :

Then select your desired operating mode :

In the screenshot below, the option "Authentication by temporary code" via a third party application is shown. The principle is to download an application (for example: Google Authenticator; a list of compatible standard applications is indicated at the time of activation of the feature). The application collects the secret key either by scanning the QR code or by manual input. From then on, your device is able to generate a code that is valid for 30 seconds: this code must be entered in Eduka to confirm the connection to the system.

In order to give you the possibility to define the level of security that suits you, you can select an option to have this code requested: every connection, every day, every 3 days, 7 days, 15 days, 30 days, or 60 days

This so-called "OTP" (One Time Password) system is based on a widely used standard and is available on many websites or web applications, including banking systems. It guarantees an optimal level of security for users: a hacker who would discover a user's login and password by any means would not be able to connect to the account because he would not have the secret key allowing the generation of the temporary code.

Authentication by means of a temporary password sent via e-mail is considered slightly less secure: indeed, it often happens that users enter the same password for different services. If a hacker has a user's username and password, and these are also valid for logging in to the user's email inbox, then strong authentication by email becomes useless.