Use Email As An Option for Multi-Factor Authentication

No email option for MFA? Those without a direct phone number / smart phone will have to use another mail service.

Top Answer
Frankie_P
Moderator

Update August 2022: Multi-factor authentication is an industry standard that is used by many online services to keep their customer’s data secure. Given the types of data available in your account, including your contact lists and sensitive billing information, we are requiring all accounts to set up MFAto protect your business or organization.

 

We are considering additional features to make MFA easier to manage. There are no immediate developments happening, but we are continuing to share the feedback. 


22 Comments
Frankie_P
Moderator
Status changed to: Voting Open

Update August 2022: Multi-factor authentication is an industry standard that is used by many online services to keep their customer’s data secure. Given the types of data available in your account, including your contact lists and sensitive billing information, we are requiring all accounts to set up MFAto protect your business or organization.

 

We are considering additional features to make MFA easier to manage. There are no immediate developments happening, but we are continuing to share the feedback. 

MPHIEvents
Participant
I am really frustrated that we cannot use an email for MFA because we do not want personal phones attached to our Account Owner.
LoriS401
Regular Participant
i absolutely HATE that your company is now FORCING US to give our text. Its more work and it invades my privacy. WHO IS YOUR COMPANY SELLING OUR PHONE NUMBERS TO? Why couldnt you make it possible for us to at least use email options? Likely because you WANT OUR PRIVATE PHONE NUMBERS! Instead of invading our privacy, you should improve the quality of your SLOW platform. YOur tech people SUCK because your platform is so freaking SLOW. AS SOON as I have time , I WILL BE LEAVING your company. PRIVACY INVASION? Now even my VA needs to call me to get the access code. YOU only made it harder on us and invaded our privacy and took away more freedom. Idiots.
DWMO
Occasional Participant

The Multifactor authentification offered by Constant Contact is ill-conceived and implemented. None of the 2FA options provided are practical for our users, and there is no way to opt out of setting it up.

 

I do not want our employees using their personal cell phones to authenticate. Send numbers by voice? Does that work with a business phone exchange? For those (very few) employees who do have company cell phones, you have not included the Microsoft Authenticator app as an authentication method, which is the only method we allow on corporate phones.  Nor have you set up the most basic of 2FA. I.e., send the code via email to the account holder

 

In summary, our users cannot set up 2FA in line with corporate policy. Consequently, they are being forced to set it up against company policy on their personal cell phones.


Frankie_P
Moderator
Status changed to: Open Questions

Hi @DWMO thank you for sharing this feedback with us. Does enabling voice authentication to a direct line or extension help fit your needs? Or are you strictly looking to have email as an option for authentication?

DWMO
Occasional Participant

email and the MS Authenticator App are our preferred two-factor authentication options, thanks!

RobertH4988
Occasional Participant

The MFA policy seems poorly thought out.  For our development of a 3rd party integration, we have several developers using an API Key for developing our integration.  We can't have 3 or more people in different locations dependent on an app on my phone to log into to CC.

MarilagM3
Regular Participant

Hi. How do we turn off MFA or is there a way to use email as an option?

Frankie_P
Moderator

Hi @MarilagM3

 

While turning off this authentication or using email are not available features, with the help of our phone support you can however change your setup to one of the other options.

LaineH0
Participant

Hi @Frankie_P

 

Will those options be available for the future? We work in an environment where multiple people are accessing the same account, and in order to sign people in, I need to have them let me know that they will be sending me a code to my phone, and then I have to send them the time-sensitive code back to ensure they simply log in. It's a rather frustrating process, and I'd love to change it to an email authenticator where we all have access.

 

Thanks! I hope we can find a simpler solution. Appreciate it!

Frankie_P
Moderator

Hi @LaineH0

 

At this time we do not have a time estimate of when this feature will be available. Does having the users on your account enable their own authentication help fit your needs in the meantime?

CynthiaC4
Regular Participant

It is NOT fair that employees must use their PERSONAL device to log in to a service that their employer uses.

And keep in mind, that since COVID, not all employees work in-office any more, so having a phone call going to main switchboard everytime someone needs to use the service is not practical or feasible. What do you want... every time we need to send something, we have to disturb the office secretary with a phone call... they get the code and then have to call us at our desk with a code? RIDICULOUS!

You need to either give the customer the option to NOT use the 2-factor system, or have the code sent via email.

I understand the concern for wanting to keep our Constant Contact site secure... but I'm more concerned about opening up my employees PERSONAL devices... make them vulnerable to the same "attack" you are worried about.

 

TribuneNewspapers

 

KateT91
Participant

I log in to Constant Contact from the same 2 computers for years and now I have to verify that these two computers are valid?!! And because we don't have work cell phones I have had to give my personal cell phone number just in order to do my work. I do not include my cell phone number anywhere in my personal web browsing activity. I don't want it out there.  Why can't we have email verification?

AngelaG63
Member

I do NOT like using my personal cell phone to authenticate. We should have a work email option! We people are accessing the same account, and in order to sign people in, I need to have them let me know that they will be sending me a code and then I have to send them the time-sensitive code back to just log in. Worst change ever!

Frankie_P
Moderator

Hi @AngelaG63

 

Thanks for sharing your feedback on this request. With that said, the good news is your users all have their own login on your account and can all set up their multi-factor authentication with their own devices

ErinP5
Participant

Please allow emailing as an option for MFA and only require it once a month or every 90 days and NOT EVERY SINGLE TIME we try to log into our account. We have multiple users using our CC account and not everyone is comfortable sharing their phone number or downloading an app. We also still need to use someone's personal cell phone for the main account holder. All of this has become increasingly cumbersome for our team and has forced us to explore other options.

AlanW620
Participant

This MFA without email is ridiculous. 

 

You didn't do this for security, if you did - it would have an email option.  Also having to call in to change the MFA number is straight out of 1990.  

 

Your a technology company.  Act like it.

 

Without an email option, we will be going eslewhere...as should most companies.

LoriS401
Regular Participant

at least to verification via email, so we dont have to be slaves to our cell phones and so we dont have to feel that you are privacy invading by demanding to know where we are (traceable phone tracking) ? also, how about you make it easier for us to get into our account even when we dont have cell phone service, such as when we are on a plane?  Did you even think of that, ie, making it EASIER , NOT harder, for your customers to do our work in CC?

JanineD71
Regular Participant

Your SSM is the worst. I am working on an ad and scheduled it. I logged out. I have not moved from my desk or ISP to have any location changes. I l closed the browser and realized I need to check something. Logging back in I have to start all over again with the SSM authentication. If you are going to force a service on us that most don't want and we can't opt out, at least to have it work. 

You could at least have it an e-mail option to receive the SSM. Not everyone has their phone with them at all times. REALY REALLY inconvenient. 

Lightcentre
Occasional Participant

You MUST, immediately, add email as an option. Your current system requires a mobile phone. This is not enough. We have several of our users, who were able to access the site last week, suddenly locked out with no means for an admin to reset their MFA. Honestly, this is terrible, ill-thought out and liable to damages as many are paying for a premium service that our users can no longer access! Fix this immediately. 

 

In addition to this, as you're an international company, why is your phone support only on US time? There is a large portion of the rest of the world that cannot wait for the US to wake up.  

kweeksTAM
Regular Participant

We, too, would like an opt out to MFA.

JanineD71
Regular Participant

It's clear the MFA is not working well for many of your clients. So the "There are no immediate developments happening" is useless. Why don't you fix it instead of useless notifications you are not in the plans to do anything about it. 

Updates
Introducing our new Feedback area

Our Feedback board is changing! From updated statuses to clearer processes, we're working to improve the conversation between you and our Product teams

Visit the Blog
Announcements
What's New?

See the latest Constant Contact product release notes and updates.

Learn More