Looking for the latest product updates? What's new for Spring 2024 is now available!

Ability to un-enroll from MFA

I couldn't even reply to this without jumping through your 'hoop'. I don't care your reasoning. I think we should have the option of opting out. I now have to figure out how this will work with our elderly people who don't have cell phones. Ridiculous! Did your insurance company demand you do this?

 

 

Top Answer
Kyle_R
Administrator

Hello,

As part of our new and updated feedback statuses, we wanted to update this idea to Acknowledged. There is a lot of feedback within this one thread in particular, some of which was implemented, a few things planned to be improved, and a few that most likely won’t be planned for in the near future.

First, some additional background information and more information as to the “why” of this change. From some of the comments, it feels like that question hasn’t been answered sufficiently. What’s so important and secure about email newsletters anyway? This had to do with a rise in attempted account takeovers the last several years. That is, a bad actor has somehow gained access to some account credentials and attempts to get into your account to send a spam or phishing email to your customers - potentially looking like it is from you. To be clear, this wasn’t due to any sort of Constant Contact breach, but potentially re-using credentials for your account that were no longer secure. Spam is a lucrative industry, and your Constant Contact account can be a valuable target because given our sending reputation, bad actors gaining access to Constant Contact have a better chance of hitting the inbox and getting their malicious messages read. Especially if it comes targeted to your list, looking like it is from your organization. So adding additional security measures protects your business, your subscribers, and it protects our service to ensure only legitimate permission based mail is being sent out. In this sense, the addition of MFA has been a big success to stop these kinds of attempts.

Now to address some of the feedback. Admittedly, this was quite a big change in a small amount of time. Some organizations shared one set of account credentials for all users of the account, so the need to change behavior to add additional individual users was new and taxing. It's worth noting that if you add more users to your account they can have their own MFA device for authentication. The MFA process also needs some time to learn your device and what a “normal” login looks like for your organization. So, when it’s initially turned on you do get prompted more than you would under normal circumstances. If you still find yourself getting prompted for your MFA method on every login and you normally log in on the same device/network every time, that is not working as intended. Make sure you are not using an Incognito window every time, or please contact our support team to work out what the problem may be.

We have made changes to our MFA roll-out plan due in part to the feedback we received. We are working on the ability for self-recovery of MFA tokens, so if you lose your old device or need to update your MFA device you can do so without contacting our support team. All feedback received is actively reviewed and considered. We will continue to assess this feedback and make changes accordingly, which we will communicate to this thread.


176 Comments
user72573
Rookie
Please give the option to disable 2-factor authentication
Frankie_P
Moderator
Status changed to: Open Questions

Hi @user72573  what are some cases where you would not want this two factor authentication on your account?

MichaelM3278
Rookie

The new security procedure is a total pain to me. I have 2 accounts and have to get a new text message with new sign in number every time I switch between them. Security has not been an issue for me and I would like to find a way I can opt out or somehow link my accounts so I don't have to constantly resign in each time I change accounts which can be several times a day.

Frankie_P
Moderator
Status changed to: Voting Open

Hi @Donna_Munsen 

 

We apologize for any inconvenience caused by this multi-factor authentication! Multi-factor authentication is considered an industry standard, used by many online services to keep their customer’s data secure. We’re now requiring this to keep your information as safe as possible through account security and to assure that emails are being sent legitimately and not by spammers to better our sending reputation. With that said, at this time there is no way to turn off this security feature. We have however tracked your feedback on this process and opened up your idea so other users can weigh in as well.

BobS054
Rookie

turn off multi factor authentication. how do I turn off this annoying thing?

Frankie_P
Moderator

Hi @BobS054 at this time being able to turn off the multi-factor authentication in an account is not an available feature. It is however a feature request we are tracking feedback on. We have merged your post into a larger thread on this request in the meantime.

AIRCARE_INTL
Campaign Collaborator

GOOD BYE.

 

I have 5 different departments using CC. I cannot possibly input all of their personal (non company) phone numbers for SMS, They do not have company cells phones nor FB, or Google account - FOR OUR SECURITY- and I as an admin, cannot loginto the accounts.

 

CLEAResult
Rookie

We also have multiple users for our account and currently, I am having to authenticate them through my personal cell phone because I can't find how to add them all. Regardless, I would have to enter their personal cell phone as well, since we do not have phones provided by our company. If CC is unable to allow us to opt-out, can you please find a way to easily allow multiple users to login under the same account? Thank you.

FCAstaff
Rookie

What a total waste of my staff time.

Not being able to turn off the multi-factor authentication will force me to cancel your services and go with someone else. I have had enough. I'll start shopping around for another service today.

 

 

 

CatherineK00
Rookie
company doesnt have a phone number where we can receive verification codes. Can this be turned off.
Updates
Introducing our new Feedback area

Our Feedback board is changing! From updated statuses to clearer processes, we're working to improve the conversation between you and our Product teams

Visit the Blog
Upcoming Webinars
Mar 28
Making it to the Inbox in 2024: What’s changed and what hasn’t
2PM - 3PM EST
Announcements
What's New?

See the latest Constant Contact product release notes and updates.

Learn More