Multi-Factor Authentication (MFA) FAQ

William_A
Administrator

Hey everyone!

We’ve recently made some major updates to account security with the release of Multi-Factor Authentication (MFA) as a requirement. With any change, there can be an adjustment period to get used to how it works. We wanted to make a post that contains answers to some common questions. We’ve received some great feedback on the changes so far, and encourage you to continue providing feedback so that we can make sure this process is as smooth as any other login process.

 

-----


What is Multi-Factor Authentication? MFA is an extra layer of security for your account. In addition to your password, MFA requires a secondary factor to verify your identity when logging in. Basically, it’s just a second password that is randomly generated each time you login.

 

The majority of data breaches and phishing attacks involve stolen or weak login credentials. By using an additional means to confirm it’s really you attempting to access your account, MFA can help prevent these attacks, reduce the risk of other cyber security threats (e.g. account takeovers), and protect your personal information from hackers.

 

-----

 

How do I set up MFA in my account, if I haven’t been part of a rollout? This article covering MFA enrollment can provide you with step-by-step instructions and visual elements to follow along with.

 

-----

 

Why is this required? Constant Contact is committed to doing what is best for our customers, and account security is a major part of that. MFA is considered an industry standard, used by many online services to keep their customers’ data secure. Given the amount of sensitive data stored within our customer’s accounts, particularly contacts’ info and billing, we’re now requiring this to keep your information as safe as possible.


Since this is meant to help curb unapproved account logins, it can be instrumental in your account's security and our ability as a company to get your emails into your contact's inboxes, instead of to their spam. The more we can assure that an email is being sent legitimately and not by spammers, the better our sending reputation is and the more you can rely on the deliverability. With that in mind, at this time there is no way to turn off this security feature.

 

-----

 

Was Constant Contact hacked? Fortunately no, this change was not prompted by any of our systems becoming compromised. MFA is something we’d been testing and rolling out for a few years now. The need for tighter customer account security, and the continued path for this to become an industry standard, means that we wanted to get ahead of the curb on this issue - especially as cyber security attacks have become more widespread and damaging in recent years.

 

-----

 

My coworkers and I share login info. How can we get MFA available for all of us? Sharing login credentials is never recommended. The more people / computers / networks signing in on a single login, the more at risk your information can be, especially for account owner logins which have full accessibility to the account (including billing info).


You can set up multiple users in either pricing plan level, with Email accounts able to have up to 5 active users (including the owner), and Email Plus having unlimited users. After enrolling in MFA - either manually or through a rollout – the next time a user logs in, they’ll be prompted to select the MFA method they prefer. If for some reason you're finding that your account isn't allowing the maximum number of users for its level, please call our Billing team so they can check our backend for any antiquated settings.

 

See also:
Account Manager Overview 

Campaign Creator Overview

 

-----

 

What if I don't want to use my private mobile device for MFA? We understand your concerns, however MFA through a personal device is the standard, most secure, and overall most convenient option. There is of course the voice call option, if you have access to a work phone. Beyond that, if you don't have the data or text messaging available, then the Okta and Google options are encrypted, as is standard with us as well.

 

If you have additional concerns and questions over privacy, we encourage you to look through our Privacy Notice. If you have questions and concerns beyond what's covered in those policies, you're welcome to reach out to privacy(at)constantcontact(dot)com for additional information, feedback, and guidance.

 

See also:

Constant Contact's Terms & Conditions

 

-----

 

I don’t have access to my secondary device, how can I login? In this regard, we’ll need to take some extra security measures to get you logged in properly. For that reason, we’d advise calling our general support so they can go through that secure process.

 

-----

 

Can I use my email address as an MFA option? By nature, email tends to be less secure when compared to authenticating through a push notification or an app, so at this point email is not an option. We are always looking to safely improve our processes though, so we appreciate any feedback we can give directly to the devs.

 

-----

 

I setup MFA, but I’m not getting push notifications / texts / calls, how do I get logged in? Generally you should receive an MFA notification within a few seconds of logging in and clicking SEND CODE. Depending on your network, there may be short delays when receiving MFA notifications, typically no longer than a minute in extreme delays. It’s usually worth it to see if you’re having issues with accessing other apps on your device, or receiving text messages right away. If you continue to have issues, we’d advise calling our general support so they can securely assist you in accessing your account.

 

-----

 

How do I change my MFA preference to one of the other options, or change my associated phone number? Once you've logged into your account, you can navigate to the My Account page, and select the Reset MFA button. This will log you out and ask you to log back in once more for account security. Once you've resubmitted your username and password, you'll be prompted to select the MFA method you prefer. Make sure to check out our article on enrolling in MFA for step-by-step instructions and visual references on this process.

 

-----

 

I’m a user on the account, but I can’t login. What can I do? You’ll generally want to reach out to your account owner to see what info they have currently set for your phone, as that will affect the functionality of the MFA options. If your account owner has the correct phone number associated with your Account Manager / Campaign Creator login, then you’ll be able to setup MFA for your device. If you continue to have issues logging in as a user, please call our general support team for secure assistance.

 

-----

 

Why did I receive a “Login From New Device” email? This email is automatically sent out when you, or someone else, tries to log into your account from a device that has never accessed CTCT before. It can also be triggered if you:

  • Deleted your cookies or cleared your web browser's cache.
  • Logged in from a different web browser.
  • Accessed Constant Contact in an incognito or private browser window.

If you recognize the activity, no action is required. If not, we recommend you reach out to the other users on your account to confirm. Otherwise, we generally advise updating your username / password.

 

See also:
Forgotten Username/Password Overview

 

-----

 

We hope this post can help efficiently answer some common Multi-Factor Authentication questions you may have. We’re always happy to help here in the Community if you have any general questions regarding MFA. If you’re unable to call general support, we can also submit callback tickets to the support teams on your behalf. Please email social_support(at)constantcontact(dot)com with your account username and a description of your MFA issue. Make sure that the email is coming from an address verified on the account.


Remember, you’ve got this! You’ve got us!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
William A
Community & Social Media Support
0 REPLIES 0
Updates
Just Getting Started?

We’re here to help you grow. With how-to tutorials, courses, getting-started guides, videos and step-by-step instructions to start and succeed with Constant Contact.

Start Here
Upcoming Webinars
Mar 28
Making it to the Inbox in 2024: What’s changed and what hasn’t
2PM - 3PM EST