Malcolm! let's you password protect individual items of content (e.g. a particular FAQ or Workflow) and/or your Hosted Hub.
The best option for you will depend on how exactly you use and implement Malcolm!
Password Protection on Hosted Hub
You can add a "start of session" password to your Hosted Hub via the Visibility tab in the Settings section in MyMalcolm.
In this area you can add one or more passwords. For example you could add one password that all your users share, or you could give each user an individual password. You can supply a label/description next to the password in MyMalcolm to remind yourself who that password was created for. From the same area you can suspend or delete previously created passwords, as well as see when passwords were last used.
When a user visits any page on your Hosted Hub they create a web session. The first time they do this they will be asked for their password. You can configure the exact wording that is used on the password request screen in MyMalcolm! The user will then remain logged in for the remainder of their session. Sessions typically end when the user closes their web browser or after a long period of inactivity.
Password Protection on Individual Content Items
You can also add configure password protection on individual items of content like an FAQ or a Workflow. You do this via the Visibility tab in the Configure section of the individual FAQ or Workflow (which you access via the library in the respective FAQ or Workflow section of MyMalcolm).
The default setting for items of content is that they inherit the settings from the Hub. So if no password is set at a Hub level no password is required to view the content. If a password is set at a Hub level then a password will be required at the start of the user session. If you want to ensure that a password is always required before a particular FAQ or Workflow is accessed you should set it at this content level. Bear in mind however that if you also have a Hub password set and a user starts their session with a direct link to individual content that is password protected they will need to enter two passwords: one to get them into the Hub session and a further password to view the content.
You can also set an individual item of content to never require a password, even if the Hub has a password set. This can be useful if, for example, you want to put all your content behind a Hub password but want to create a Workflow that lets people request access. In this scenario you would create a Workflow for the purpose of requesting access, set it to never require a password then link to it from the text you can configure on the Hub password request screen. When requests come in you can review them and if you approve you can manually set up the user's password.
Also worth noting
If a user makes three failed password attempts they will not be able to attempt a further password within that session for 30 minutes.