The GoTo Community is currently experiencing some technical issues affecting new posts and comments. You may need to reload the page you are on before you can post a comment. We are actively working with our service provider and apologize for the frustration.
Forum Discussion
Solved
Disable "Confirm your email" identity confirmation
Disable Confirm your email
Kind assistance are to request the deactivation of the email confirmation because, having more offices in Italy, the system checks the accesses and blocks the accounts, o...
Hi Alex_Y
I apologize for the access difficulty there.
We recently updated the security policy for GoTo Organizer logins. These are the key points to consider:
- We protect our customers by performing a risk assessment on every login - learn more here: https://support.goto.com/meeting/help/how-do-i-verify-my-login-g2m850064
- Recent improvements are more sensitive to account sharing and device re-use, which are common brute-force account take-over tactics
- For the vast majority of our customers this will have little or no impact
For customers sharing credentials, we see two common patterns appear high risk:
- From a single device, frequent logins with different credentials
- For a single email, multiple logins from differing devices (especially involving long distances between those devices)
In both instances, explicitly marking a device as trusted will reduce the risk and subsequent logins will not be denied. Learn more about managing trusted devices here: https://support.goto.com/meeting/help/how-do-i-manage-my-trusted-devices-g2m850096
When a login is blocked, email verification is typically required to proceed. Repeated offenses will escalate to the system assuming the account has been compromised, requiring a password reset to proceed. The challenge with marking devices as trusted is that it needs to be done after a successful login. Either the person in control of the email needs to login and mark all their colleagues devices as trusted, or everyone sharing those credentials need access to the email to successfully respond to the email verification challenge.
Once a device is trusted, it should not be denied access during subsequent logins. Also, devices cannot be trusted until one successful login attempt has been made.
** Currently, there is no way to make an exception for certain accounts and disabling the security check would leave all customers at risk.
Alex_Y I apologize for the frustrations. We recently rolled back one of the security updates to help alleviate some of the login problems. Are you currently logging in from behind a VPN or using a private connection?
Are you still receiving verification emails to the GoTo account address?
Hi,
>>Are you currently logging in from behind a VPN or using a private connection?
Yes, we use Kerio VPN to connect to the office. This is a standard communication method for working from home.
>>Are you still receiving verification emails to the GoTo account address?
How that works for me now:
1. Without Kerio VPN I do not receive the verification code to enter the meeting room.
2. With VPN (Office PC) I do receive the code even though the device is trusted
We do understand the desire for security but the "Verification code" option must be optional.
