Ability to un-enroll from MFA

I couldn't even reply to this without jumping through your 'hoop'. I don't care your reasoning. I think we should have the option of opting out. I now have to figure out how this will work with our elderly people who don't have cell phones. Ridiculous! Did your insurance company demand you do this?

 

 

Top Answer
Kyle_R
Administrator

Hello,

As part of our new and updated feedback statuses, we wanted to update this idea to Acknowledged. There is a lot of feedback within this one thread in particular, some of which was implemented, a few things planned to be improved, and a few that most likely won’t be planned for in the near future.

First, some additional background information and more information as to the “why” of this change. From some of the comments, it feels like that question hasn’t been answered sufficiently. What’s so important and secure about email newsletters anyway? This had to do with a rise in attempted account takeovers the last several years. That is, a bad actor has somehow gained access to some account credentials and attempts to get into your account to send a spam or phishing email to your customers - potentially looking like it is from you. To be clear, this wasn’t due to any sort of Constant Contact breach, but potentially re-using credentials for your account that were no longer secure. Spam is a lucrative industry, and your Constant Contact account can be a valuable target because given our sending reputation, bad actors gaining access to Constant Contact have a better chance of hitting the inbox and getting their malicious messages read. Especially if it comes targeted to your list, looking like it is from your organization. So adding additional security measures protects your business, your subscribers, and it protects our service to ensure only legitimate permission based mail is being sent out. In this sense, the addition of MFA has been a big success to stop these kinds of attempts.

Now to address some of the feedback. Admittedly, this was quite a big change in a small amount of time. Some organizations shared one set of account credentials for all users of the account, so the need to change behavior to add additional individual users was new and taxing. It's worth noting that if you add more users to your account they can have their own MFA device for authentication. The MFA process also needs some time to learn your device and what a “normal” login looks like for your organization. So, when it’s initially turned on you do get prompted more than you would under normal circumstances. If you still find yourself getting prompted for your MFA method on every login and you normally log in on the same device/network every time, that is not working as intended. Make sure you are not using an Incognito window every time, or please contact our support team to work out what the problem may be.

We have made changes to our MFA roll-out plan due in part to the feedback we received. We are working on the ability for self-recovery of MFA tokens, so if you lose your old device or need to update your MFA device you can do so without contacting our support team. All feedback received is actively reviewed and considered. We will continue to assess this feedback and make changes accordingly, which we will communicate to this thread.


176 Comments
Frankie_P
Moderator

Hi @SalP809

 

What about setting up multifactor authentication for your sub-users do you find unworkable? Are these users not seeing the option to create their own authentication?

AlanW620
Rookie

Frankie:   Enough about "collecting feedback."

 

If you don't have enough after a year, you never will...just be honest and say it's not changing.

 

That way I, and it seems like A LOT of your other customers, can do the right thing and cancel our agreements.

 

Sorry to go but with our remote team, this is unworkable.

wjfederer
Campaign Collaborator

I cannot use ConstantContact on airplane flights anymore. I travel continuously and used to work on ConstantContact on my flights - Now, with having to send text messages to my phone makes this impossible. I tried logging in to the internet with two devices while on a flight and I cannot receive text message and be on my laptop at the same time!!! Help!!! You need to have an option to turn off the text message verification so I can use ConstantContact while on an airplane!!!

MeganDuni
Rookie

We would like to disable MFA on our account as well.  The account is registered to one employment with the MFA text verification going to their cell phone.  However, we have multiple staff located in different cities and regional offices who need to login to CC and each time they do, they need to coordinate their login with the person who receive the text code to make sure they are by their phone and available to send the code to the remote person needing to login.  This is a pointless step and MFA should be optional for those in the situation like us who don't want to constantly bug the person who get the code, when they are busy themselves.  I could login today, get a code, then tomorrow if I login I need to get a new code again.  It's ridiculous.

Caitlin_M
Administrator

Apologies for the delay in our reply @Scottroanoke . Multi-factor authentication is an industry standard that is used by many online services to keep their customer’s data secure. Given the types of data available in your account, including your contact lists and sensitive billing information, we are requiring all accounts to set up MFA to protect your business or organization. We are considering some additional features to make MFA easier to manage. I will merge your post into a larger thread surround the MFA requirement

ColbyW9
Rookie

EVERY TIME I log in from my account that is tied to our master corporate account, I have to get a text code. I use the same computer and the same browser EVERY TIME. Please fix this asap, or we will be taking our business elsewhere. 

MurrayW6
Marketing Legend

After years of being forced to tolerate ConstantContact's total lack of respect for its customers and their concerns, I am terminating this "service" today. This is not a hollow threat. I have already signed up for superior products and services (MailChimp, HootSuite, etc.), so I will be closing my CC account in a few minutes. But, before I go, I wanted to post one final exasperated comment (among many).

 

I have been a customer since 2013 -- nine years. Since 2019 alone, I have posted re: nine different topics -- all changes, almost always unannounced, that ConstantContact inflicted upon its customers and refused to reverse despite vehement customer protests, and none of which was ever addressed with anything other than B.S. These changes include:

 

1.) Inability to disable MFA

 

2.) The forced switch to far inferior third generation HTML editor

 

3.) The inability to copy legacy emails

 

4.) The forced switch to a far inferior image editing tool

 

5.) The appearance of unwanted horizontal lines between blocks of content

 

Every single one of these ConstantContact blunders was foisted upon its customers without our feedback or permission, and has attracted MANY additional customer complaints in addition to mine. This particular thread alone, about the inability to disable MFA, has attracted 137 comments (all negative) and counting. Yet absolutely no meaningful action has been taken since the issue was raised more than a year ago. This and every other issue raised by customers has been utterly ignored by ConstantContact. 

 

When will CC apply even a tiny grain of common sense to these issues and provide genuine customer service (instead of condescending lip service) and recognize that it makes no difference if something is the supposedly "industry standard" if your customers HATE IT and/or find it unworkable???

 

A company that doesn't value its customers is doomed to fail.

 

My only consolation is that, after the way we've all been treated, it will be satisfying to watch this slow-motion train wreck play out as ConstantContact stumbles toward its inevitable failure as a company.

 

My only regret is that I didn't leave ConstantContact it sooner. Unfortunately, being a reasonable person, I foolishly thought ConstantContact might eventually take these concerns seriously. But ConstantContact is the least responsive and most arrogant company I've ever dealt with. So it's adios and good riddance.

FirstNameL15435
Campaign Contributor

Echoing all the comments above...how many times do people have to complain about Constant Contact's terrible user experience before you fix it? 

I have to input a code every single time I log into CC, even though it's from the same device. I have so many regrets about signing up for a year-long contract and will be looking for another provider when the contract is up.

 

And the industry standard line? You could at least try to pretend you're a real person and not some robot spouting the BS you've been told to say.

CherS1
Campaign Contributor

Constant Contact, for the love of God, please listen to your customers! No one wants this. It is such a time-wasting nuisance! Especially fun for tos of us working off multiple servers. It's ridiculous. No one has time for this and yet it's been forced on your customers for almost a year now!

David0924
Rookie
I don't want to have multi-factor authentication on my account. Please tell me how to disable this feature. Thank you.
Updates
Introducing our new Feedback area

Our Feedback board is changing! From updated statuses to clearer processes, we're working to improve the conversation between you and our Product teams

Read More
Announcements
What's New?

See the latest Constant Contact product release notes and updates.

Learn More