We’ve recently made some major updates to account security with the release of Multi-Factor Authentication (MFA) as a requirement. With any change, there can be an adjustment period to get used to how it works. We wanted to make a post that contains answers to some common questions. We’ve received some great feedback on the changes so far, and encourage you to continue providing feedback so that we can make sure this process is as smooth as any other login process.
- What is Multi-Factor Authentication?
- How do I set up MFA in my account, if I haven’t been part of a rollout?
- Why is this required?
- My coworkers and I share login info. How can we get MFA available for all of us?
- What if I don't want to use my private mobile device for MFA?
- I don’t have access to my secondary device, how can I login?
- Can I use my email address as an MFA option?
- I setup MFA, but I’m not getting push notifications / texts / calls, how do I get logged in?
- How do I change my MFA preference to one of the other options, or change my associated phone number?...
- I’m a user on the account, but I can’t login. What can I do?
- Why did I receive a “Login From New Device” email?
What is Multi-Factor Authentication?
MFA is an extra layer of security for your account. In addition to your password, MFA requires a secondary factor to verify your identity when logging in. Basically, it’s just a second password that is randomly generated each time you login.
The majority of data breaches and phishing attacks involve stolen or weak login credentials. By using an additional means to confirm it’s really you attempting to access your account, MFA can help prevent these attacks, reduce the risk of other cyber security threats (e.g. account takeovers), and protect your personal information from hackers.
How do I set up MFA in my account, if I haven’t been part of a rollout?
Why is this required?
Constant Contact is committed to doing what is best for our customers, and account security is a major part of that. MFA is considered an industry standard, used by many online services to keep their customers’ data secure. Given the amount of sensitive data stored within our customer’s accounts, particularly contacts’ info and billing, we’re now requiring this to keep your information as safe as possible.
Since this is meant to help curb unapproved account logins, it can be instrumental in your account's security and our ability as a company to get your emails into your contact's inboxes, instead of to their spam. The more we can assure that an email is being sent legitimately and not by spammers, the better our sending reputation is and the more you can rely on the deliverability. With that in mind, at this time there is no way to turn off this security feature.
My coworkers and I share login info. How can we get MFA available for all of us?
Sharing login credentials is never recommended. The more people / computers / networks signing in on a single login, the more at risk your information can be, especially for account owner logins which have full accessibility to the account (including billing info).
You can set up multiple users in Standard or Premium plans. After setting up a new user, they’ll be prompted to select the MFA method they prefer during their login creation. If for some reason you're finding that your account isn't allowing the maximum number of users for its level, please call our Billing team so they can check our backend for any antiquated settings.
Account Manager Overview
What if I don't want to use my private mobile device for MFA?
We understand your concerns, however MFA through a personal device is the standard, most secure, and overall most convenient option. There is of course the voice call option, if you have access to a work phone. Beyond that, if you don't have the data or text messaging available, then the Okta and Google options are encrypted, as is standard with us as well.
If you have additional concerns and questions over privacy, we encourage you to look through our Privacy Notice. If you have questions and concerns beyond what's covered in those policies, you're welcome to reach out to privacy(at)constantcontact(dot)com for additional information, feedback, and guidance.
I don’t have access to my secondary device, how can I login?
Can I use my email address as an MFA option?
I setup MFA, but I’m not getting push notifications / texts / calls, how do I get logged in?
If you foresee yourself not having access to your mobile network fairly regularly (e.g. travelling abroad or working during flights), then we'd advise one of the MFA options available via wifi: Okta or Google Authenticator.
How do I change my MFA preference to one of the other options, or change my associated phone number?
If you're unable to fully login to update your MFA preference, there'll be a link at the bottom of the code-entry page where you can start setting up a new preference, via your main account's email address.
Make sure to check out our main article on resetting your MFA preference for visual guidance and written instructions.
I’m a user on the account, but I can’t login. What can I do?
Why did I receive a “Login From New Device” email?
This email is automatically sent out when you, or someone else, tries to log into your account from a device that has never accessed CTCT before. It can also be triggered if you:
- Deleted your cookies or cleared your web browser's cache.
- Logged in from a different web browser.
- Accessed Constant Contact in an incognito or private browser window.
If you recognize the activity, no action is required. If not, we recommend you reach out to the other users on your account to confirm. Otherwise, we generally advise updating your username / password.
Forgotten Username/Password Overview
We hope this post can help efficiently answer some common Multi-Factor Authentication questions you may have. We’re always happy to help here in the Community if you have any general questions regarding MFA. If you’re unable to call general support, we can also submit callback tickets to the support teams on your behalf. Please email social_support(at)constantcontact(dot)com with your account username and a description of your MFA issue. Make sure that the email is coming from an address verified on the account.
We hope this article was helpful in case the issue ever arises. If you need assistance with any of the above, feel free to post our on Get Help board.