I couldn't even reply to this without jumping through your 'hoop'. I don't care your reasoning. I think we should have the option of opting out. I now have to figure out how this will work with our elderly people who don't have cell phones. Ridiculous! Did your insurance company demand you do this?
Nov 22, 2022 8:53:14 AM
As part of our new and updated feedback statuses, we wanted to update this idea to Acknowledged. There is a lot of feedback within this one thread in particular, some of which was implemented, a few things planned to be improved, and a few that most likely won’t be planned for in the near future.
First, some additional background information and more information as to the “why” of this change. From some of the comments, it feels like that question hasn’t been answered sufficiently. What’s so important and secure about email newsletters anyway? This had to do with a rise in attempted account takeovers the last several years. That is, a bad actor has somehow gained access to some account credentials and attempts to get into your account to send a spam or phishing email to your customers - potentially looking like it is from you. To be clear, this wasn’t due to any sort of Constant Contact breach, but potentially re-using credentials for your account that were no longer secure. Spam is a lucrative industry, and your Constant Contact account can be a valuable target because given our sending reputation, bad actors gaining access to Constant Contact have a better chance of hitting the inbox and getting their malicious messages read. Especially if it comes targeted to your list, looking like it is from your organization. So adding additional security measures protects your business, your subscribers, and it protects our service to ensure only legitimate permission based mail is being sent out. In this sense, the addition of MFA has been a big success to stop these kinds of attempts.
Now to address some of the feedback. Admittedly, this was quite a big change in a small amount of time. Some organizations shared one set of account credentials for all users of the account, so the need to change behavior to add additional individual users was new and taxing. It's worth noting that if you add more users to your account they can have their own MFA device for authentication. The MFA process also needs some time to learn your device and what a “normal” login looks like for your organization. So, when it’s initially turned on you do get prompted more than you would under normal circumstances. If you still find yourself getting prompted for your MFA method on every login and you normally log in on the same device/network every time, that is not working as intended. Make sure you are not using an Incognito window every time, or please contact our support team to work out what the problem may be.
We have made changes to our MFA roll-out plan due in part to the feedback we received. We are working on the ability for self-recovery of MFA tokens, so if you lose your old device or need to update your MFA device you can do so without contacting our support team. All feedback received is actively reviewed and considered. We will continue to assess this feedback and make changes accordingly, which we will communicate to this thread.
This is terrible-and we should be able to opt-out. How can multiple people in a company use this? We at least need verification through a shared email address, so that one of us doesn't have to keep supplying everyone else with a log-in code. This is very inconvenient and frustrating.
I count more than 80 negative comments on this since the original post. We don't need MFA. We don't want MFA. How many customers need to complain about this obviously extremely unpopular "feature" before we get some action?
We apologize for any inconvenience caused from users not having the ability to un-enroll from this multi-factor authentication. Does having your users set up their own authentication help fit your needs? In the meantime, we have merged your post into a larger thread focused on this idea.
This should be optional, the biggest pain. There are definitely better ways to do this.
Ridiculous that they are now 6 months of complaints about multi-factor. I could not even get to this post to comment a post without being forced to accept this!
Hi all. Multi-factor authentication is an industry standard that is used by many online services to keep their customer’s data secure. Given the types of data available in your account, including your contact lists and sensitive billing information, we are requiring all accounts to set up MFA to protect your business or organization. We are considering some additional features to make MFA easier to manage. We encourage you to vote or comment on the following posts so our teams can better understand what our customers are looking for to make this process simpler.
Update MFA method directly in accounts
Use email as an option for MFA
If you have multiple people accessing your account, you can set up separate logins so the account doesn't share one MFA method. The Email plan offers 5 account users, and Email Plus offers an unlimited number of account users.
How many lines of code could this really need?
Yes, there has to be a way to make it work easily. I dread having to get into my account. I'm at the same computer, the same location, the same ISP and have to do it every time. Even Google, amazon & banking don't require this level of security.
Firefox 95 on a mac. Can you please disable 2FA on ''?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Our Feedback board is changing! From updated statuses to clearer processes, we're working to improve the conversation between you and our Product teamsVisit the Blog
See the latest Constant Contact product release notes and updates.Learn More