General Security Enhancements
As part of our commitment to providing a secure e-Learning platform that stays up-to-date with modern cybersecurity requirements, we have introduced a few improvements in our login and email flows.
Session timeouts
After 4 hours and 5 minutes of inactivity, a warning modal will appear stating that you will be logged out shortly. Inactivity is defined as no interaction with the server, so scrolling around the page without clicking on anything can still count as inactivity. Candidate experience will not be affected when using Rogo, as the auto-save functionality in exams will ensure candidates are never logged out through inactivity.
Reset password tokens
When a user triggers their own password reset, the link will now be available for 1 hour only. After this, users will need to request another password reset. The limit on the password reset link when it is sent by an admin user or automatically triggered will remain 24 hours.
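One way a server could enforce these two lifetimes, shown as an added example that is not the platform's own code. The `ResetTokenStore` class, the origin labels and the choice to store only a SHA-256 digest of each token are assumptions made for illustration.

```python
import hashlib
import secrets

# Lifetimes from the policy above, in seconds, keyed by who triggered the reset.
# The origin labels are assumed names, not the platform's.
RESET_TTL = {"self": 1 * 3600, "admin": 24 * 3600, "automatic": 24 * 3600}


class ResetTokenStore:
    """In-memory stand-in (hypothetical) for the table of pending reset tokens."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (user_id, origin, issued_at)

    def issue(self, user_id, origin, now):
        """Create a reset token for user_id; `now` is a Unix timestamp."""
        if origin not in RESET_TTL:
            raise ValueError(f"unknown reset origin: {origin!r}")
        token = secrets.token_urlsafe(32)
        # Store only a digest, so a leaked table does not yield usable links.
        self._pending[self._digest(token)] = (user_id, origin, now)
        return token

    def redeem(self, token, now):
        """Return the user_id if the token is valid, else None. Single use."""
        # pop() removes the record on any attempt, so a link cannot be replayed.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None
        user_id, origin, issued_at = record
        # The lifetime comes from the stored origin, never from the request,
        # so a self-service link cannot claim the longer 24-hour window.
        if now - issued_at > RESET_TTL[origin]:
            return None
        return user_id

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()
```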
Password change email
An email template can be set in the system emails section to be sent when a password has been changed. In the unlikely event that it wasn’t the user who made the change, the template could be styled to instruct the user to contact the appropriate security contacts. If no email template is selected, then no email will be sent in this event.