cancel
Showing results for 
Search instead for 
Did you mean: 
macformazione
Active Contributor

Disable "Confirm your email" identity confirmation

Disable Confirm your email

Kind assistance are to request the deactivation of the email confirmation because, having more offices in Italy, the system checks the accesses and blocks the accounts, often also asks us to enter the verification code but the email does not always arrive. since the e-mail with the code does not arrive, he blocks the account and asks to reset the password.

 

Cattura.JPGCattura2.JPG

1 ACCEPTED SOLUTION

Accepted Solutions
AshC
Retired GoTo Contributor

Re: Remove the Verification code

Hi @Alex_Y

I apologize for the access difficulty there.

 

We recently updated the security policy for GoTo Organizer logins.  These are the key points to consider:

  • We protect our customers by performing a risk assessment on every login - learn more here: https://support.goto.com/meeting/help/how-do-i-verify-my-login-g2m850064
  • Recent improvements are more sensitive to account sharing and device re-use, which are common brute-force account take-over tactics
  • For the vast majority of our customers this will have little or no impact

For customers sharing credentials, we see two common patterns appear high risk:

  1. From a single device, frequent logins with different credentials
  2. For a single email, multiple logins from differing devices (especially involving long distances between those devices)

In both instances, explicitly marking a device as trusted will reduce the risk and subsequent logins will not be denied. Learn more about managing trusted devices here: https://support.goto.com/meeting/help/how-do-i-manage-my-trusted-devices-g2m850096 

 

When a login is blocked, email verification is typically required to proceed. Repeated offenses will escalate to the system assuming the account has been compromised, requiring a password reset to proceed. The challenge with marking devices as trusted is that it needs to be done after a successful login. Either the person in control of the email needs to login and mark all their colleagues devices as trusted, or everyone sharing those credentials need access to the email to successfully respond to the email verification challenge.

 

Once a device is trusted, it should not be denied access during subsequent logins. Also, devices cannot be trusted until one successful login attempt has been made.

 

** Currently, there is no way to make an exception for certain accounts and disabling the security check would leave all customers at risk.

 


Ash is a member of the LastPass Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!

View solution in original post

9 REPLIES 9
AshC
Retired GoTo Contributor

Re: Disable "Confirm your email"

Hi @macformazione 

I apologize for the login difficulty.

 

While this security email confirmation cannot be disabled, you should be able to verify your location and the system will remember unless you suddenly change IP address or we cannot locate the address at all due to a VPN etc. 


Ash is a member of the LastPass Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
macformazione
Active Contributor

Re: Disable "Confirm your email"

all our colleagues connect from home with home connection so they do not have fixed vpn and ip. how can we bypass this problem?

Alex_Y
New Contributor

Remove the Verification code

Hi,

 

Since April 1, every log in to go2meeting requests the Verification code. We use this link for the meetings with the customers. The account is registered to the Team Lead who works only 8 hours while we use 24/7 model. The Verification code makes it impossible to use your product. Please disable it ASAP.

AshC
Retired GoTo Contributor

Re: Remove the Verification code

Hi @Alex_Y

I apologize for the access difficulty there.

 

We recently updated the security policy for GoTo Organizer logins.  These are the key points to consider:

  • We protect our customers by performing a risk assessment on every login - learn more here: https://support.goto.com/meeting/help/how-do-i-verify-my-login-g2m850064
  • Recent improvements are more sensitive to account sharing and device re-use, which are common brute-force account take-over tactics
  • For the vast majority of our customers this will have little or no impact

For customers sharing credentials, we see two common patterns appear high risk:

  1. From a single device, frequent logins with different credentials
  2. For a single email, multiple logins from differing devices (especially involving long distances between those devices)

In both instances, explicitly marking a device as trusted will reduce the risk and subsequent logins will not be denied. Learn more about managing trusted devices here: https://support.goto.com/meeting/help/how-do-i-manage-my-trusted-devices-g2m850096 

 

When a login is blocked, email verification is typically required to proceed. Repeated offenses will escalate to the system assuming the account has been compromised, requiring a password reset to proceed. The challenge with marking devices as trusted is that it needs to be done after a successful login. Either the person in control of the email needs to login and mark all their colleagues devices as trusted, or everyone sharing those credentials need access to the email to successfully respond to the email verification challenge.

 

Once a device is trusted, it should not be denied access during subsequent logins. Also, devices cannot be trusted until one successful login attempt has been made.

 

** Currently, there is no way to make an exception for certain accounts and disabling the security check would leave all customers at risk.

 


Ash is a member of the LastPass Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
AshC
Retired GoTo Contributor

Re: Disable "Confirm your email"

@macformazione  I'm sorry it cannot currently be disabled. 


Ash is a member of the LastPass Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
Alex_Y
New Contributor

Re: Remove the Verification code

Hi,

 

We have added our devices to trusted 100 times but it still wants the verification code. This account belongs to another person who is not on the shift. We urgently need access to the meeting record. Why do we have to wait? Do you understand that this "new feature" makes it impossible to work with your product in the future? How can we request a refund for all our accounts?

macformazione
Active Contributor

Re: Remove the Verification code

@AshC I agree with what @Alex_Y said
the product is unusable at present try to solve the problem as soon as possible because our lawyers are already setting in motion to be able to distrust you. How can we request a refund for all our accounts?

AshC
Retired GoTo Contributor

Re: Remove the Verification code

@Alex_Y  I apologize for the frustrations.  We recently rolled back one of the security updates to help alleviate some of the login problems.  Are you currently logging in from behind a VPN or using a private connection? 

Are you still receiving verification emails to the GoTo account address?  

 


Ash is a member of the LastPass Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!
Alex_Y
New Contributor

Re: Remove the Verification code

Hi,

 

>>Are you currently logging in from behind a VPN or using a private connection? 

 

Yes, we use Kerio VPN to connect to the office. This is a standard communication method for working from home.

 

>>Are you still receiving verification emails to the GoTo account address?  

 

How that works for me now:
1. Without Kerio VPN I do not receive the verification code to enter the meeting room.

2. With VPN (Office PC) I do receive the code even though the device is trusted

We do understand the desire for security but the "Verification code" option must be optional.