Security failures in online exams don't always come from sophisticated attacks. Most malpractice exploits a single missing layer. This checklist covers every layer you should have in place for high-stakes assessments.
Identity & access
- Identity verification at login — photo match or Aadhaar-based e-KYC
- Single-use exam links — prevent sharing of access URLs
- IP/geofencing — restrict access to approved locations
- VPN detection — block access from known VPN providers
Browser security
- Full-screen enforcement — third exit triggers auto-submit
- Tab-switch logging — every focus loss timestamped
- Clipboard blocking — copy, paste, print-screen all disabled
- Developer console blocked — no F12 or right-click
AI monitoring
- Face detection — flags absence or multiple faces
- Gaze tracking — configurable off-screen threshold
- Audio analysis — detects coaching voices
- Mobile device detection — scans camera frame for phones
Not every exam needs every layer. A 20-minute aptitude screening test needs browser lockdown and face detection. A national board exam needs all 12. Match your security stack to your exam stakes.