Community Home
Resources
Events & Webinars
Learn
Groups
Product Ideas
Got a 'How do I' question? Join 'Ask a Trainer' Monday to Friday, 11am to 4pm ET for instant help and pro tips!
Join

Disallow usage of personal devices with MFA

0 Votes
Status: Acknowledged Submitted by on ‎04-10-2024 02:29 PM
2 Comments (2 New)

The MFA features are great, but, for the account owner, some transparency into what form of MFA has been configured would be ideal.

 

For instance, if the person adds SMS or a Voice Call feature, I think some employers would like to know/verify that the phone number associated with the account is a work number. That is, that the phone number is not for a personal device.

 

Companies often enforce security policies on their own devices, so they may not want users adding personal devices. (Where security may not be as tight.)

 

Disabling certain forms of MFA would also be useful, for the same reason. If a user adds Okta authentication, that form of MFA is only as secure as the phone it was added to.

 

Further, if the account owner could configure MFA for the user, I think that would also be useful.

 

Complete picture… I add a work cell phone number for SMS and voice for a new user I onboard, and disable Okta and Google Authenticator. (Because they can be installed on any device, and I don't have any control over the security of that device.)

 

Thoughts?

See more ideas labeled with:
2 Comments
Caitlin_M
Administrator
Administrator
‎04-11-2024 03:23 PM
‎04-11-2024 03:23 PM
Status changed to: Acknowledged

Hi @AConstantContactUserThank you for the idea. I can certainly see how this would be useful for businesses or companies who need an additional level of account security. We can't guarantee a commitment to deliver on this feature request, but it should indicate some awareness that we have heard your feedback and could be taken under consideration for a future release.  

AConstantContactUser
Rookie
‎04-11-2024 03:35 PM
‎04-11-2024 03:35 PM

Thanks, Caitlin! Yes. Completely understood.

 

I think, even just exposing what forms of MFA have been configured in the User management screen, and, for SMS and phone authentication, what numbers were added, would be a huge step. Probably less dev work involved there, as it would just mean exposing specific data already associated with those users in that User management interface.

 

Also, thanks for the quick response. Very much appreciated.

Resources
Getting Started with Ideas

Welcome to Ideas! This board is dedicated to providing a space for our intrepid users to provide personal insight and feedback on additions and enhancements they’d like to see in your Constant Contact account.

Read more
Announcements
What's New?

See the latest Constant Contact product release notes and updates.

Learn More