Ability to un-enroll from MFA

I couldn't even reply to this without jumping through your 'hoop'. I don't care your reasoning. I think we should have the option of opting out. I now have to figure out how this will work with our elderly people who don't have cell phones. Ridiculous! Did your insurance company demand you do this?

 

 

Top Answer
Kyle_R
Employee

Hello,

As part of our new and updated feedback statuses, we wanted to update this idea to Acknowledged. There is a lot of feedback within this one thread in particular, some of which was implemented, a few things planned to be improved, and a few that most likely won’t be planned for in the near future.

First, some additional background information and more information as to the “why” of this change. From some of the comments, it feels like that question hasn’t been answered sufficiently. What’s so important and secure about email newsletters anyway? This had to do with a rise in attempted account takeovers the last several years. That is, a bad actor has somehow gained access to some account credentials and attempts to get into your account to send a spam or phishing email to your customers - potentially looking like it is from you. To be clear, this wasn’t due to any sort of Constant Contact breach, but potentially re-using credentials for your account that were no longer secure. Spam is a lucrative industry, and your Constant Contact account can be a valuable target because given our sending reputation, bad actors gaining access to Constant Contact have a better chance of hitting the inbox and getting their malicious messages read. Especially if it comes targeted to your list, looking like it is from your organization. So adding additional security measures protects your business, your subscribers, and it protects our service to ensure only legitimate permission based mail is being sent out. In this sense, the addition of MFA has been a big success to stop these kinds of attempts.

Now to address some of the feedback. Admittedly, this was quite a big change in a small amount of time. Some organizations shared one set of account credentials for all users of the account, so the need to change behavior to add additional individual users was new and taxing. It's worth noting that if you add more users to your account they can have their own MFA device for authentication. The MFA process also needs some time to learn your device and what a “normal” login looks like for your organization. So, when it’s initially turned on you do get prompted more than you would under normal circumstances. If you still find yourself getting prompted for your MFA method on every login and you normally log in on the same device/network every time, that is not working as intended. Make sure you are not using an Incognito window every time, or please contact our support team to work out what the problem may be.

We have made changes to our MFA roll-out plan due in part to the feedback we received. We are working on the ability for self-recovery of MFA tokens, so if you lose your old device or need to update your MFA device you can do so without contacting our support team. All feedback received is actively reviewed and considered. We will continue to assess this feedback and make changes accordingly, which we will communicate to this thread.


177 Comments
SaintPaulCommunityEd
Campaign Expert

Please offer a way to opt out of this.  I'll click a waiver of informed consent or what not.  This has made it incredibly difficult for members of our department to access their accounts. 

Scottroanoke
Rookie

Recent changes in the Constant Contact program are not making it easy to use, or stay with. 

 

Cell phone verification before logging in is basically an inconvenience, as are the new short windows to write and design one's email. Our working process incorporates rewrites and fine tuning while on the Constant Contact site, and the emails are written, rewritten, then tuned up before sending. How many times would you think a refresh was required? Lastly, which one of your engineers doesn't like Safari? 

We really need this multifactor check turned off. It is negatively impacting how we can work with Constant Contact.
AlP077
Rookie

I agree with all these responses from  constant contact customers.  the Multi-factor authentication is a pain and does not allow multi users who develop newsletters of a organizations to conduct business.  what if the cell phone of main person is lost or stolen, or they get sick or die...then the organizations is screwed.  There should be an email MFA at the least.  I am curious if constant contact makes any revenue from the SMS texting?  Also, because Constant Contact now has access to users cell phone does Constant Contact get access to that phones data? it seems every darn app wants access to phones data to sell it...

MurrayW6
Marketing Legend

I agree with others are saying. We didn't ask for MFA logins this and it is EXTREMELY ANNOYING, especially because receiving a text is the only option. I don't want any texts from CC -- ever, for any reason. It's an invasion of privacy.

It is the responsibility of each user to make sure their password is secure. So stop playing the "nanny state." This is an insult to those of us who properly manage our security. If someone doesn't protect their password, that's their problem. 

 

And please stop adding unrequested "features" to CC. In my experience, they almost always make your product worse. Please provide an MFA login opt out option -- or I might soon need to opt out of CC altogether.

JessieWF
Rookie

Agreed - don't need it, don't want it, let us turn it off!

ModaHealth
Campaign Collaborator
please turn off MFA or allow more users-you've rendered your service useless
Frankie_P
Employee
Status changed to: Open Questions

Hi @Scottroanoke we're always open to ways we can better our user's experience, so thanks for sharing this feedback with us! With the multi-factor authentication on your account, are you prompted to verify your account every time you log-in on the same device and browser? As for creating your email what are the short windows and refreshes are you speaking of? It's also important we point out there are 3rd party add-ons that could affect how Constant Contact works in a browser, it's always important to make sure you're working in the most up to date version of a browser.

MikeB246
Rookie

If you are collecting feedback on this feature it IS A BAD ONE. I work with a multi-member team and we do a vast amount of business through CC. I'm in there four or five times a day. Each time I am asked to put a code in. It is a big waste of time and it is especially troubling when I have our production assistant do some of the emails. He has to ask me what the code is. AND I am some 2000 miles away. Stop saying it is industry standard. There are plenty of programs that don't require this more than once or twice. 

Frankie_P
Employee

Reply from @Scottroanoke 

The multi-factor identification seems to appear randomly. Sometimes it’s each time I go on, other times it may be a couple weeks between required texts (this is a pain). I use the same computer and same IP address each week (usually Thursdays).

Today I was able to build the email without a request to refresh, this was great. Again, this sort of distraction when you’re trying to create onsite is like a pesky mosquito.

Lastly, yes, you’re probably correct that my browser should be updated, but one would hope your site could issue a bit more lattitude.


 

Resources
Getting Started with Ideas

Welcome to Ideas! This board is dedicated to providing a space for our intrepid users to provide personal insight and feedback on additions and enhancements they’d like to see in your Constant Contact account.

Read more
Announcements
What's New?

See the latest Constant Contact product release notes and updates.

Learn More