Multi-Factor Authentication (MFA) FAQ

William_D
Moderator


Hey everyone!

We’ve recently made some major updates to account security with the release of Multi-Factor Authentication (MFA) as a requirement. With any change, there can be an adjustment period to get used to how it works. We wanted to make a post that contains answers to some common questions. We’ve received some great feedback on the changes so far, and encourage you to continue providing feedback so that we can make sure this process is as smooth as any other login process.

 

-----


What is Multi-Factor Authentication?

MFA is an extra layer of security for your account. In addition to your password, MFA requires a secondary factor to verify your identity when logging in. Basically, it’s just a second password that is randomly generated each time you log in.

 

The majority of data breaches and phishing attacks involve stolen or weak login credentials. By using an additional means to confirm it’s really you attempting to access your account, MFA can help prevent these attacks, reduce the risk of other cyber security threats (e.g. account takeovers), and protect your personal information from hackers.

 

-----

 

How do I set up MFA in my account, if I haven’t been part of a rollout?

This article covering MFA enrollment can provide you with step-by-step instructions and visual elements to follow along with.

 

-----

 

Why is this required?

Constant Contact is committed to doing what is best for our customers, and account security is a major part of that. MFA is considered an industry standard, used by many online services to keep their customers’ data secure. Given the amount of sensitive data stored within our customers’ accounts, particularly contacts’ info and billing, we’re now requiring this to keep your information as safe as possible.


Since this is meant to help curb unapproved account logins, it can be instrumental in your account's security and our ability as a company to get your emails into your contacts' inboxes, instead of to their spam. The more we can assure that an email is being sent legitimately and not by spammers, the better our sending reputation is and the more you can rely on the deliverability. With that in mind, at this time there is no way to turn off this security feature.

 

-----

 

Was Constant Contact hacked?

Fortunately no, this change was not prompted by any of our systems becoming compromised. MFA is something we’ve been testing and rolling out for a few years now. The need for tighter customer account security, and the continued path for this to become an industry standard, means that we wanted to get ahead of the curve on this issue - especially as cyber security attacks have become more widespread and damaging in recent years.

 

-----

 

My coworkers and I share login info. How can we get MFA available for all of us?

Sharing login credentials is never recommended. The more people / computers / networks signing in on a single login, the more at risk your information can be, especially for account owner logins which have full accessibility to the account (including billing info).


You can set up multiple users in either pricing plan level, with Email users able to have up to 3 active users (including the owner), and Email Plus having up to 10 active users (including the owner). After enrolling in MFA - either manually or through a rollout – the next time a user logs in, they’ll be prompted to select the MFA method they prefer. If for some reason you're finding that your Email account doesn't allow up to 3 users, or your Email Plus account doesn't allow up to 10, please call our Billing team so they can check our backend for any antiquated settings.

 

See also:
Account Manager Overview 

Campaign Creator Overview

 

-----

 

What if I don't want to use my private mobile device for MFA?

We understand your concerns; however, MFA through a personal device is the standard, most secure, and overall most convenient option. There is of course the voice call option, if you have access to a work phone. Beyond that, if you don't have the data or text messaging available, then the Okta and Google options are encrypted, as is standard with us as well.

 

If you have additional concerns and questions over privacy, we encourage you to look through our Privacy Notice. If you have questions and concerns beyond what's covered in those policies, you're welcome to reach out to privacy(at)constantcontact(dot)com for additional information, feedback, and guidance.

 

See also:

Constant Contact's Terms & Conditions

 

-----

 

I don’t have access to my secondary device, how can I log in?

In this regard, we’ll need to take some extra security measures to get you logged in properly. For that reason, we’d advise calling our general support so they can go through that secure process.

 

-----

 

Can I use my email address as an MFA option?

By nature, email tends to be less secure when compared to authenticating through a push notification or an app, so at this point email is not an option. We are always looking to safely improve our processes though, so we appreciate any feedback we can give directly to the devs.

 

-----

 

I set up MFA, but I’m not getting push notifications / texts / calls, how do I get logged in?

Generally you should receive an MFA notification within a few seconds of logging in and clicking SEND CODE. Depending on your network, there may be short delays when receiving MFA notifications, typically no longer than a couple of minutes. It’s usually worth it to see if you’re having issues with accessing other parts of your app, or receiving text messages right away. If you continue to have issues, we’d advise calling our general support so they can securely assist you in accessing your account.

 

-----

 

I’m a user on the account, but I can’t log in. What can I do?

You’ll generally want to reach out to your account owner to see what info they have currently set for your phone, as that will affect the functionality of the MFA options. If your account owner has the correct phone number associated with your Account Manager / Campaign Creator login, then you’ll be able to set up MFA for your device.

 

-----

 

Why did I receive a “Login From New Device” email?

This email is automatically sent out when you, or someone else, tries to log into your account from a device that has never accessed CTCT before. It can also be triggered if you:

  • Deleted your cookies or cleared your web browser's cache.
  • Logged in from a different web browser.
  • Accessed Constant Contact in an incognito or private browser window.

If you recognize the activity, no action is required. If not, we recommend you reach out to the other users on your account to confirm. Otherwise, we generally advise updating your username / password.

 

See also:
Forgotten Username/Password Overview

 

-----

 

We hope this post can help efficiently answer some common Multi-Factor Authentication questions you may have. We’re always happy to help here in the Community if you have any general questions regarding MFA. If you’re unable to call general support, we can also submit callback tickets to the support teams on your behalf. Please email social_support(at)constantcontact(dot)com with your account username and a description of your MFA issue. Make sure that the email is coming from an address verified on the account.


Remember, you’ve got this! You’ve got us!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
William D
Community & Social Media Support
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
