The MFA features are great, but, for the account owner, some transparency into what form of MFA has been configured would be ideal.
For instance, if the person adds SMS or a Voice Call feature, I think some employers would like to know/verify that the phone number associated with the account is a work number. That is, that the phone number is not for a personal device.
Companies often enforce security policies on their own devices, so they may not want users adding personal devices. (Where security may not be as tight.)
Disabling certain forms of MFA would also be useful, for the same reason. If a user adds Okta authentication, that form of MFA is only as secure as the phone it was added to.
Further, if the account owner could configure MFA for the user, I think that would also be useful.
Complete picture… I add a work cell phone number for SMS and voice for a new user I onboard, and disable Okta and Google Authenticator. (Because they can be installed on any device, and I don't have any control over the security of that device.)
Thoughts?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Welcome to Ideas! This board is dedicated to providing a space for our intrepid users to provide personal insight and feedback on additions and enhancements they’d like to see in your Constant Contact account.
Read moreSee the latest Constant Contact product release notes and updates.
Learn More