Forum Discussion

macformazione
Active Contributor
3 years ago

Disable "Confirm your email" identity confirmation

Disable Confirm your email Kind assistance are to request the deactivation of the email confirmation because, having more offices in Italy, the system checks the accesses and blocks the accounts, o...
  • AshC
    3 years ago

    Hi Alex_Y

    I apologize for the access difficulty there.

    We recently updated the security policy for GoTo Organizer logins. These are the key points to consider:

    • We protect our customers by performing a risk assessment on every login - learn more here: https://support.goto.com/meeting/help/how-do-i-verify-my-login-g2m850064
    • Recent improvements are more sensitive to account sharing and device re-use, which are common brute-force account take-over tactics
    • For the vast majority of our customers this will have little or no impact

    For customers sharing credentials, we see two common patterns appear high risk:

    1. From a single device, frequent logins with different credentials
    2. For a single email, multiple logins from differing devices (especially involving long distances between those devices)

    In both instances, explicitly marking a device as trusted will reduce the risk and subsequent logins will not be denied. Learn more about managing trusted devices here: https://support.goto.com/meeting/help/how-do-i-manage-my-trusted-devices-g2m850096

    When a login is blocked, email verification is typically required to proceed. Repeated offenses will escalate to the system assuming the account has been compromised, requiring a password reset to proceed. The challenge with marking devices as trusted is that it needs to be done after a successful login. Either the person in control of the email needs to log in and mark all their colleagues' devices as trusted, or everyone sharing those credentials needs access to the email to successfully respond to the email verification challenge.

    Once a device is trusted, it should not be denied access during subsequent logins. Also, devices cannot be trusted until one successful login attempt has been made.

    ** Currently, there is no way to make an exception for certain accounts and disabling the security check would leave all customers at risk.
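
The login risk checks described in the reply above, sketched as detection logic over constructed login events. This is an added example, not GoTo's implementation and not part of the original post: the thresholds, the event fields and the `assess` and `km` helpers are assumptions, and the model ignores time windows.

```python
from collections import defaultdict
from math import asin, cos, radians, sin, sqrt

# Assumed thresholds for illustration; the vendor's real values are not public.
MAX_ACCOUNTS_PER_DEVICE = 3
MAX_KM_BETWEEN_DEVICES = 300
BLOCKS_BEFORE_RESET = 3

def km(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def assess(events, trusted=frozenset()):
    """Return 'allow', 'verify_email' or 'password_reset' for each login event."""
    emails_on_device = defaultdict(set)    # pattern 1: device -> emails seen
    devices_for_email = defaultdict(dict)  # pattern 2: email -> {device: location}
    blocks = defaultdict(int)              # email -> blocked logins so far
    decisions = []
    for email, device, loc in events:
        emails_on_device[device].add(email)
        others = [p for d, p in devices_for_email[email].items() if d != device]
        devices_for_email[email][device] = loc
        many_accounts = len(emails_on_device[device]) > MAX_ACCOUNTS_PER_DEVICE
        far_device = any(km(loc, p) > MAX_KM_BETWEEN_DEVICES for p in others)
        if (email, device) in trusted or not (many_accounts or far_device):
            decisions.append("allow")
            continue
        blocks[email] += 1  # repeated blocks escalate from email check to reset
        reset = blocks[email] >= BLOCKS_BEFORE_RESET
        decisions.append("password_reset" if reset else "verify_email")
    return decisions

# Constructed sample: one shared login used from three offices (coordinates approximate).
MILAN, ROME, PALERMO = (45.46, 9.19), (41.90, 12.50), (38.12, 13.36)
SHARED = "office@example.test"
EVENTS = [(SHARED, "pc-milan", MILAN), (SHARED, "pc-rome", ROME),
          (SHARED, "pc-palermo", PALERMO), (SHARED, "pc-rome", ROME)]

if __name__ == "__main__":
    print(assess(EVENTS))
    print(assess(EVENTS, trusted={(SHARED, "pc-rome"), (SHARED, "pc-palermo")}))
```

The first run shows the escalation from email verification to password reset as the shared login moves between offices; the second shows the same events passing once the remote devices are in the trusted set.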