Moodle 3.3 new feature review – OAuth (linked accounts)
Moodle 3,3 allows users to Login using external credentials and easily access documents from Microsoft Office and Google…
To make use of linked logins the OAuth 2 Authentication plugin must first be enabled by a site Administrator.
After this for users to add their details they visit:
User menu > Preferences > Linked logins
…and can then link their Moodle account to an external provider (e.g. Microsoft, Google, Facebook) allowing them to use their external provider’s credentials to sign-in to Moodle.
Personally I always regarded this type of single sign-on as creating an potentially increased security threat. Why? Because all too often users, be that Students or Teachers (and maybe even the odd Administrator!) often use the same password across multiple sites and services (come on, you KNOW you’ve done that before). This makes issues such as identity theft all too easy.
A well known writer for a reputable Apple Mac magazine shared his experience a few years ago, about how a single service was compromised (it may have been his Twitter username and password, I can’t quite remember). That information was then used to sequentially access Facebook, webmail, and other services through a process of requesting password resets, and then username changes.
If Administrators enable OAuth2 Authentication and users have created a new account using this method, they won’t need to add a linked login as they will have already done this by authenticating. However, they can use this area to change which external account is linked to Moodle, and therefore change which credentials they use to sign-in.
- H5P periodic table – 8th September 2023
- Moodle 4.0 – 15th May 2022
- Moodle 4.0 other highlights – 14th May 2022