The GoTo Community is currently experiencing some technical issues affecting new posts and comments. We are actively working with our service provider and apologize for the frustration.
Forum Discussion
Solved
Users of GotoWebinar getting immediate account locking when logging in..
I'm Founder/CTO at a service called aEvent. We help our (200+) business users increase their registrations/attendance/and results from their online events., mainly using GTW. Long story short, so...
Hi,
I have been talking with some internal teams and reviewing accounts in order to get a complete picture of what is happening.- We protect our customers by performing a risk assessment on every login - learn more here: https://support.goto.com/meeting/help/how-do-i-verify-my-login-g2m850064
- Recent improvements are more sensitive to account sharing and device re-use, which are common brute-force account take-over tactics
- For the vast majority of our customers this will have little or no impact
For customers sharing credentials, we see two common patterns appear high risk:
- From a single device, frequent logins with different credentials
- For a single email, multiple logins from differing devices (especially involving long distances between those devices)
In both instances, explicitly marking a device as trusted will reduce the risk and subsequent logins will not be denied. Learn more about managing trusted devices here: https://support.goto.com/meeting/help/how-do-i-manage-my-trusted-devices-g2m850096
When a login is blocked, email verification is typically required to proceed. Repeated offenses will escalate to the system assuming the account has been compromised, requiring a password reset to proceed. The challenge with marking devices as trusted is that it needs to be done after a successful login. Either the person in control of the email needs to login and mark all their colleagues devices as trusted, or everyone sharing those credentials need access to the email to successfully respond to the email verification challenge.
Once a device is trusted, it should not be denied access during subsequent logins. Also, devices cannot be trusted until one successful login attempt has been made.
Currently, there is no way to make an exception for certain accounts and disabling the security check would leave all customers at risk.
There has definitely been a change in the aggressiveness of GoTo's security settings. We have not had lock out issues but have recently been bombarded of having to verify and re-verify when logging in.
Will this continue to persist or is this just a periodic change to re-verify what computers are being used to access an account?
Hi,
I have been talking with some internal teams and reviewing accounts in order to get a complete picture of what is happening.
- We protect our customers by performing a risk assessment on every login - learn more here: https://support.goto.com/meeting/help/how-do-i-verify-my-login-g2m850064
- Recent improvements are more sensitive to account sharing and device re-use, which are common brute-force account take-over tactics
- For the vast majority of our customers this will have little or no impact
For customers sharing credentials, we see two common patterns appear high risk:
- From a single device, frequent logins with different credentials
- For a single email, multiple logins from differing devices (especially involving long distances between those devices)
In both instances, explicitly marking a device as trusted will reduce the risk and subsequent logins will not be denied. Learn more about managing trusted devices here: https://support.goto.com/meeting/help/how-do-i-manage-my-trusted-devices-g2m850096
When a login is blocked, email verification is typically required to proceed. Repeated offenses will escalate to the system assuming the account has been compromised, requiring a password reset to proceed. The challenge with marking devices as trusted is that it needs to be done after a successful login. Either the person in control of the email needs to login and mark all their colleagues devices as trusted, or everyone sharing those credentials need access to the email to successfully respond to the email verification challenge.
Once a device is trusted, it should not be denied access during subsequent logins. Also, devices cannot be trusted until one successful login attempt has been made.
Currently, there is no way to make an exception for certain accounts and disabling the security check would leave all customers at risk.
Hi GlennD
Thanks for the reply.
"Once a device is trusted, it should not be denied access during subsequent logins. Also, devices cannot be trusted until one successful login attempt has been made."This is where we are having trouble. Trusted devices keep getting locked out. David (who I spoke to from support), went ahead and trusted my device. We then went to login and got locked out. We did this test in livetime and he agreed that there is an issue.
Please advise what can be done.GlennD ? Still not solved for me. And support not getting back to us.
5 GTW accounts that we keep needing to resetting.
We created a company group just to keep sharing the constantly changing passwords. We have trusted all of our devices inside of GTW but it doesn't seem to be working.
What do you suggest?
Thank you!
