Let's Play Bingo in Week 4 of the Ready, Set, Send Challenge!

Ability to un-enroll from MFA

I couldn't even reply to this without jumping through your 'hoop'. I don't care your reasoning. I think we should have the option of opting out. I now have to figure out how this will work with our elderly people who don't have cell phones. Ridiculous! Did your insurance company demand you do this?

 

 

Top Answer
Kyle_R
Employee

Hello,

As part of our new and updated feedback statuses, we wanted to update this idea to Acknowledged. There is a lot of feedback within this one thread in particular, some of which was implemented, a few things planned to be improved, and a few that most likely won’t be planned for in the near future.

First, some additional background information and more information as to the “why” of this change. From some of the comments, it feels like that question hasn’t been answered sufficiently. What’s so important and secure about email newsletters anyway? This had to do with a rise in attempted account takeovers the last several years. That is, a bad actor has somehow gained access to some account credentials and attempts to get into your account to send a spam or phishing email to your customers - potentially looking like it is from you. To be clear, this wasn’t due to any sort of Constant Contact breach, but potentially re-using credentials for your account that were no longer secure. Spam is a lucrative industry, and your Constant Contact account can be a valuable target because given our sending reputation, bad actors gaining access to Constant Contact have a better chance of hitting the inbox and getting their malicious messages read. Especially if it comes targeted to your list, looking like it is from your organization. So adding additional security measures protects your business, your subscribers, and it protects our service to ensure only legitimate permission based mail is being sent out. In this sense, the addition of MFA has been a big success to stop these kinds of attempts.

Now to address some of the feedback. Admittedly, this was quite a big change in a small amount of time. Some organizations shared one set of account credentials for all users of the account, so the need to change behavior to add additional individual users was new and taxing. It's worth noting that if you add more users to your account they can have their own MFA device for authentication. The MFA process also needs some time to learn your device and what a “normal” login looks like for your organization. So, when it’s initially turned on you do get prompted more than you would under normal circumstances. If you still find yourself getting prompted for your MFA method on every login and you normally log in on the same device/network every time, that is not working as intended. Make sure you are not using an Incognito window every time, or please contact our support team to work out what the problem may be.

We have made changes to our MFA roll-out plan due in part to the feedback we received. We are working on the ability for self-recovery of MFA tokens, so if you lose your old device or need to update your MFA device you can do so without contacting our support team. All feedback received is actively reviewed and considered. We will continue to assess this feedback and make changes accordingly, which we will communicate to this thread.


177 Comments
Frankie_P
Employee

Hi @TheD1

 

Have you tried creating separate logins for each user on your account? The good news is accounts with multiple users do have the ability to set up MFA for each individual user.

DobbsD4
Rookie

I am online on a transatlantic flight, fully functional for all my tasks, except with this system because login seems impossible without access to a phone network for the MFA. Chat windows yield generic and useless and useless answers, and no published alternative to the text message verification scheme. Ridiculous for what I pay for this system.

 

This and the ongoing formatting issues with Safari drive me further towards finding alternative solutions to CC.

I must express extreme frustration with having to get a code texted to me every time I need to access Constant Contact. I work with multiple clients and each time I change between them I have to do the whole text message thing. It is really frustrating. I tried to turn it off but all I can do is switch the method. I see in multiple locations CC staff have linked to a page that is supposed to tell you how to turn it off for individual users. (All of my clients have accounts with multiple users.) But I don't see anywhere on that linked page where there are instructions to turn off this annoying feature.

 

I would like to point out that while this multi-factor authentication is indeed a good practice, it is also good practice to allow the end user to select whether they want to use this or not. Constant Contact appears to be the only company that forces you to use this feature. I mention this because in reading this very long thread of comments, a CC staff member seemed to imply it is industry standard. That is a bit misleading. MFA is a widely accepted practice, but it is typically not forced onto customers. Please consider making this feature optional.

Thank you!

SeanJ5053
Rookie

Constant Contact team, I appreciate an update advising how a account holder can opt out of multi-factor authentication. This truly should be the account holders preference to enable/disable.  

Thank you.

CassandraR4
Rookie

How do we throttle back the MFA?

 

Like I'm at a desktop and every hour I need to get a text message.  I don't always have my phone nearby but seriously, if you have my ip and desktop profile, why do I need to keep typing in a TEXT code?  Remember my device for some period of time, like 48 hours or something.

JamesG432
Rookie

I always use the same computer when on Constant Contact and I WANT OUT OF THE SMS VERIFICATION PROCESS!!

 

It is so incredibly annoying and awful.

With multiple account users working on varying workstations as well as remotely, 2-factor authentication frequently creates an obstacle in our workflow.

user3543384
Rookie

Hello,

When employing 3rd parties to help set up products and funnels etc form platforms like fiverr it is very difficult to align timezones to share the relevant code for the person to login and do the work for which I have contracted them. This is incredilby frustrating and has been on your radar for 2 years and you have done nothing about it . So, I plan to cancel and  use other providers who do look after the customer and allow common sense to apply ! 

OliviaM61
Rookie

I had CC since 2013.  The MFA is very annoying.  How do you turn it off.  Please add that option to turn off.

CortR
Rookie

Even when I log in as an account manager from the same device I get hit with this.  Please make it stop.

Resources
Getting Started with Ideas

Welcome to Ideas! This board is dedicated to providing a space for our intrepid users to provide personal insight and feedback on additions and enhancements they’d like to see in your Constant Contact account.

Read more
Announcements
What's New?

See the latest Constant Contact product release notes and updates.

Learn More