Join our Ask A Trainer Sessions and Chat With our Experts!

Ability to un-enroll from MFA

I couldn't even reply to this without jumping through your 'hoop'. I don't care your reasoning. I think we should have the option of opting out. I now have to figure out how this will work with our elderly people who don't have cell phones. Ridiculous! Did your insurance company demand you do this?

 

 

Top Answer
Kyle_R
Employee

Hello,

As part of our new and updated feedback statuses, we wanted to update this idea to Acknowledged. There is a lot of feedback within this one thread in particular, some of which was implemented, a few things planned to be improved, and a few that most likely won’t be planned for in the near future.

First, some additional background information and more information as to the “why” of this change. From some of the comments, it feels like that question hasn’t been answered sufficiently. What’s so important and secure about email newsletters anyway? This had to do with a rise in attempted account takeovers the last several years. That is, a bad actor has somehow gained access to some account credentials and attempts to get into your account to send a spam or phishing email to your customers - potentially looking like it is from you. To be clear, this wasn’t due to any sort of Constant Contact breach, but potentially re-using credentials for your account that were no longer secure. Spam is a lucrative industry, and your Constant Contact account can be a valuable target because given our sending reputation, bad actors gaining access to Constant Contact have a better chance of hitting the inbox and getting their malicious messages read. Especially if it comes targeted to your list, looking like it is from your organization. So adding additional security measures protects your business, your subscribers, and it protects our service to ensure only legitimate permission based mail is being sent out. In this sense, the addition of MFA has been a big success to stop these kinds of attempts.

Now to address some of the feedback. Admittedly, this was quite a big change in a small amount of time. Some organizations shared one set of account credentials for all users of the account, so the need to change behavior to add additional individual users was new and taxing. It's worth noting that if you add more users to your account they can have their own MFA device for authentication. The MFA process also needs some time to learn your device and what a “normal” login looks like for your organization. So, when it’s initially turned on you do get prompted more than you would under normal circumstances. If you still find yourself getting prompted for your MFA method on every login and you normally log in on the same device/network every time, that is not working as intended. Make sure you are not using an Incognito window every time, or please contact our support team to work out what the problem may be.

We have made changes to our MFA roll-out plan due in part to the feedback we received. We are working on the ability for self-recovery of MFA tokens, so if you lose your old device or need to update your MFA device you can do so without contacting our support team. All feedback received is actively reviewed and considered. We will continue to assess this feedback and make changes accordingly, which we will communicate to this thread.


177 Comments
KarenP
Rookie

I doubt I can get any  help here but this feature is essentially making it impossible for my organization to use constant contact. We have 4 users in different places who work on different campaigns. Now there is no way for some employees to work unless we contact the one employee who has the authenticator set up. Since there are different time zones at play, this also means that huge portions of the day make it impossible to work on constant contact.  This is really ridiculous and needs to be fixed. Looking for other options for email marketing as we have no choice at the point. 

RobertH4988
Campaign Collaborator

I have the same problem. I set up a development account for my development team to use, several of us are working on 3rd party integration so we need a common account for the API Key, etc and to test the CC API to create contact lists, etc.   But with the MFA suddenly imposed on the account, what I am supposed to?  3-4 developers can't use my phone to do MFA as we are developing.  Our development has ground to a halt because of this.

I cannot edit security features on my account which I would like to do. I wish to turn off the two factor authorization via SMS and just use a password to verify. Can someone please remove this feature. Thank you. Joe
Frankie_P
Employee

Hi @mldejarnette23 at this time, having the ability to opt-out of multi-factor authentication is not an available feature. It is however a feature request we are actively tracking. In fact we have moved your post into a larger thread focused on this idea. In the meantime when any updates need to be made, we recommend calling to our general support so they can go through the standard security protocols.

JoshuaW522
Rookie

Please allow user the option of turning off multifactor authentication.

It has made it many times impossible for staff to access the newsletter when working from home or when our library is closed. We all understand the importance of security but not having the option is very unreasonable.  We are seriously considering moving to a new newsletter software.

Please let me know when and if you will update this option. Thank you.

 

JanineD71
Campaign Contributor
I am simply exhausted dealing with your SMS authentication. If I go home to work I have to constantly get a code. When I go to my office I have to get a code again. PLEASE give us an option to turn it off.
JanineD71
Campaign Contributor

This is the most annoying feature. I don't care if it's the industry standard. I don't have to use it on any other platforms I use. This should be an option not a forced feature. 

KeithB660
Rookie
It's annoying. Please just find a different system.
Potomac
Rookie

"opt-out of multi-factor authentication is not an available feature. It is however a feature request we are collecting feedback on."

You've had 6 months of feedback, and from what I can see NONE of it is positive. Our school has multiple people using this account. What was once a quick password change is now an ordeal just to use it each time. You've created a solution in search of a problem. I will give CC two months to allow for opting out - otherwise my solution will be to find another email vendor.  

JanineD71
Campaign Contributor

I am so tired of the ridiculous SMS verification login. I check off the "Do not challenge me on this device again". 

Every time I login I have to find my phone and send the SMS to simply get it to my account. It's the same computer, the same location the same login.

Can anyone tell me a way to get this STUPID ANNOYING $#X%!@?!!! feature to stop. 

 

 

 

Resources
Getting Started with Ideas

Welcome to Ideas! This board is dedicated to providing a space for our intrepid users to provide personal insight and feedback on additions and enhancements they’d like to see in your Constant Contact account.

Read more
Announcements
What's New?

See the latest Constant Contact product release notes and updates.

Learn More