Ability to un-enroll from MFA

I couldn't even reply to this without jumping through your 'hoop'. I don't care your reasoning. I think we should have the option of opting out. I now have to figure out how this will work with our elderly people who don't have cell phones. Ridiculous! Did your insurance company demand you do this?

 

 

Top Answer
Kyle_R
Administrator

Hello,

As part of our new and updated feedback statuses, we wanted to update this idea to Acknowledged. There is a lot of feedback within this one thread in particular, some of which was implemented, a few things planned to be improved, and a few that most likely won’t be planned for in the near future.

First, some additional background information and more information as to the “why” of this change. From some of the comments, it feels like that question hasn’t been answered sufficiently. What’s so important and secure about email newsletters anyway? This had to do with a rise in attempted account takeovers the last several years. That is, a bad actor has somehow gained access to some account credentials and attempts to get into your account to send a spam or phishing email to your customers - potentially looking like it is from you. To be clear, this wasn’t due to any sort of Constant Contact breach, but potentially re-using credentials for your account that were no longer secure. Spam is a lucrative industry, and your Constant Contact account can be a valuable target because given our sending reputation, bad actors gaining access to Constant Contact have a better chance of hitting the inbox and getting their malicious messages read. Especially if it comes targeted to your list, looking like it is from your organization. So adding additional security measures protects your business, your subscribers, and it protects our service to ensure only legitimate permission based mail is being sent out. In this sense, the addition of MFA has been a big success to stop these kinds of attempts.

Now to address some of the feedback. Admittedly, this was quite a big change in a small amount of time. Some organizations shared one set of account credentials for all users of the account, so the need to change behavior to add additional individual users was new and taxing. It's worth noting that if you add more users to your account they can have their own MFA device for authentication. The MFA process also needs some time to learn your device and what a “normal” login looks like for your organization. So, when it’s initially turned on you do get prompted more than you would under normal circumstances. If you still find yourself getting prompted for your MFA method on every login and you normally log in on the same device/network every time, that is not working as intended. Make sure you are not using an Incognito window every time, or please contact our support team to work out what the problem may be.

We have made changes to our MFA roll-out plan due in part to the feedback we received. We are working on the ability for self-recovery of MFA tokens, so if you lose your old device or need to update your MFA device you can do so without contacting our support team. All feedback received is actively reviewed and considered. We will continue to assess this feedback and make changes accordingly, which we will communicate to this thread.


164 Comments
kristinw613
Participant

Turn off the stupid multi-factor authentication FOR THE LOVE OF GOD CAN'T YOU SEE HOW MUCH WE HATE IT?!?! We pay you. You work for us. We did not ask for this. It should be an option. It is such a hassle! 

KennethB668
Participant

Really disappointed. Trying to do work while on a flight but of course can't receive a text message to authenticate. Please allow us to disable it if logged in or some kind of work around. 

MaryJoC83
Established Member

I am trying to add an account manager. However, the account manager only has a personal phone and will not add it for SMS verification (nor will I ask them to do so) . Surely there needs to be a better way. Why not email?

GregoryA91803
Regular Participant

I've posted my utter disgust with the multifactor authorization before. I just contacted to see what I could do with them. The questions that I asked them are:

Currently use constant contact. Questions:
1. I don't want to use two step verification. Can I bypass that with you?
2. I have just over 14000 contacts. How much per month?
3. Do you have templates that I can use (and build) for my newsletters?
4. We have two divisions - laser training, and laser certification. Currently I can create newsletters for either, using the respective names and addresses. Can I do that with one account with ?
5. Do I get reports back on number of opens, links clicked, etc?
6. Is there any limit on the number of newsletters (emails) I send out per month? Currently only do 2-3 per month.

 

Once I hear back from I'll post their answers here on this site, so other constant contact customers can abandon ship as well.

Gregory Absten
Professional Medical Education Assn.
absten@lasertraining.org

https://LaserTraining.org

RobC351
Participant

Awful

Howard,_WI
Occasional Participant

Caitlin_M

The MFA complaints have been rolling in for well over a year. Given the sheer amount of negative comments, I'd very much like an update on how Constant Contact plans to address the issues with MFA. I am still one of the many, many customers who would like the option to opt-out of MFA, but at the very least Constant Contact owes its customers a response. 

AlexT2778
Participant

Can we add a feature for multiple users if MFA is a requirement? For small businesses that use one account but separate people create content and others have the account management; we need an option for when those people are not working in the same location or at the same time.  Thank you. 

Frankie_P
Moderator

Hi @AlexT2778

 

The good news is accounts with multiple users do have the ability to set up MFA for each individual user.

JanineD71
Regular Participant

I found an easy way to get around the problem. I'm going to get another service provider. Problem solved!

GregoryA91803
Regular Participant

ABSOLUTELY! I Agree. I've also found another service provider but haven't implemented it yet. I will. Turns out that I can have MANY more contacts listed at a LESS EXPENSIVE price than constant contact. Works for me.

This part is conjecture, but I don't buy into the BS response that it's the industry standard and works to protect "our" information. Protect us from what? someone stealing our newsletters? That's what the whole system is about anyway, to make it as publicly available to as many people as possible. Let someone steal them - we're trying to get them out anyway.

My suspicion is that people might be hacking into the system and creating ways to send out their own communications without paying for it. Constant contact is being ripped off by them, and the response of constant contact is to punish legitimate customers by forcing us to go through all of these hoops.

I've already made arrangements with MailChimp and will be leaving soon.

Gregory Absten - absten@lasertraining.org 

PaulA2750
Regular Participant

Constant Contact SUCKS ... so tired of the BS dual log in ....  I constantly must reset my password .... cant wait to leave 2023!

Kyle_R
Administrator
Status changed to: Acknowledged

Hello,

As part of our new and updated feedback statuses, we wanted to update this idea to Acknowledged. There is a lot of feedback within this one thread in particular, some of which was implemented, a few things planned to be improved, and a few that most likely won’t be planned for in the near future.

First, some additional background information and more information as to the “why” of this change. From some of the comments, it feels like that question hasn’t been answered sufficiently. What’s so important and secure about email newsletters anyway? This had to do with a rise in attempted account takeovers the last several years. That is, a bad actor has somehow gained access to some account credentials and attempts to get into your account to send a spam or phishing email to your customers - potentially looking like it is from you. To be clear, this wasn’t due to any sort of Constant Contact breach, but potentially re-using credentials for your account that were no longer secure. Spam is a lucrative industry, and your Constant Contact account can be a valuable target because given our sending reputation, bad actors gaining access to Constant Contact have a better chance of hitting the inbox and getting their malicious messages read. Especially if it comes targeted to your list, looking like it is from your organization. So adding additional security measures protects your business, your subscribers, and it protects our service to ensure only legitimate permission based mail is being sent out. In this sense, the addition of MFA has been a big success to stop these kinds of attempts.

Now to address some of the feedback. Admittedly, this was quite a big change in a small amount of time. Some organizations shared one set of account credentials for all users of the account, so the need to change behavior to add additional individual users was new and taxing. It's worth noting that if you add more users to your account they can have their own MFA device for authentication. The MFA process also needs some time to learn your device and what a “normal” login looks like for your organization. So, when it’s initially turned on you do get prompted more than you would under normal circumstances. If you still find yourself getting prompted for your MFA method on every login and you normally log in on the same device/network every time, that is not working as intended. Make sure you are not using an Incognito window every time, or please contact our support team to work out what the problem may be.

We have made changes to our MFA roll-out plan due in part to the feedback we received. We are working on the ability for self-recovery of MFA tokens, so if you lose your old device or need to update your MFA device you can do so without contacting our support team. All feedback received is actively reviewed and considered. We will continue to assess this feedback and make changes accordingly, which we will communicate to this thread.

WayFinders
Participant

I don't see anything about this in the MFA FAQ. With many people still working remotely, you would think this would be resolved.
I have a colleague logging in to our account from her home office, and I keep having to send her the MFA code from my phone.

We have a multiuser plan - not sharing logins - and she is set as an Account Manager. I am the account owner.
How many times do we have to do MFA before CC finally recognizes and accepts a new login location? Or is there another setting we can toggle to end this process?

Frankie_P
Moderator

Hi @WayFinders

The MFA process also needs some time to learn your device and what a “normal” login looks like for your organization. So, when it’s initially turned on you do get prompted more than you would under normal circumstances. If you still find yourself getting prompted for your MFA method on every login and you normally log in on the same device/network every time, that is not working as intended. Make sure you are not using an Incognito window every time, or please contact our support team to work out what the problem may be.

We apologize there is no setting to end this process. Because of this we have merged your post into the appropriate thread focused on having the ability to un-enroll from this process.

Updates
Introducing our new Feedback area

Our Feedback board is changing! From updated statuses to clearer processes, we're working to improve the conversation between you and our Product teams

Visit the Blog
Announcements
What's New?

See the latest Constant Contact product release notes and updates.

Learn More