Home / , / What to do when you receive a one-time verification code

What to do when you receive a one-time verification code

As part of our commitment to data security, your account is equipped with a one-time verification passcode process that triggers when you log in to your account from a new device or IP address. We have put this security measure in place to protect your account, so it’s essential that all users are aware of the process, as you must be able to access to the email address tied to your username in order to complete the verification.

As of May 17, 2023, one-time verification (OTV) has been enabled for all accounts. This new security process triggers when you log in to your account from an unrecognized device or IP address. When triggered, simply follow the prompts to complete the process and log in. We also recommend enabling two-factor authentication (2FA), which removes the OTV requirement, as it further increases the security of your account.

Please ensure that the email address tied to your username is up to date, so you can receive the verification emails.

Logging in with an OTV code

When you log in to your account from an unrecognized device, we will ask you to confirm your identity by retrieving a one-time verification code from your inbox. Devices can be unrecognized for a variety of reasons. For example, if you changed locations, changed networks, or cleared your cache and cookies recently, a previously recognized device may become unrecognized. When this happens, follow these instructions:

  1. Open the inbox for the email address that’s tied to your username.
  2. Locate the email with the verification code. This email is automatically sent to the email address that’s tied to your username. If you cannot find the email, check your spam folder or try searching for “New Device Login”.
  3. Copy the verification code from the email.
  4. Go back to your account and paste the verification code into the login screen.

Copying and pasting the code has occasionally prevented the code from working for some users. If this happens to you, try to paste without formatting. You can use cmd shift v on a Mac or ctrl shift v on a PC to paste without formatting.

When you receive an unprompted verification email

If you were not trying to log in, but you received the email with a verification code, then your username and password credentials may have been compromised. If this is the case, we recommend that you immediately secure your account and reset your password.

Verification works because it expects that your email is secure and that only you can access your email inbox. If your email marketing account credentials are the same as, or similar to, your email credentials, you should immediately change the password for your email inbox and set up 2FA there as well.

Once you are certain that your email inbox is secure, follow these steps:

  1. In the OTV email that you received, click This was not me.
  2. Select Reset my password and follow the prompts.
  3. As an additional level of security, we suggest enabling two-factor authentication.

As a security measure, all devices logged in to your account will be automatically logged out and you will be required to reset your password.

Protect your account with 2FA for enhanced security

Two-factor authentication (2FA) adds another layer of protection that can help secure your account against password theft. It’s one of the most effective ways to increase the security of your account and we strongly recommend that all users set it up. For more information, please refer to this article.

Frequently asked questions about OTV

What is one-time verification?

One-time verification is an additional, automated check that our system performs to ensure that your account is securely under your control. Our system recognizes your normal login activity, so when you log in from a device or location that our system doesn’t recognize, we send a verification message containing a unique, time-sensitive code to the email address connected to your username.

Why do I need to enter a code to log in to my account?

To keep your account secure, as of May 17, 2023, each time you log in to your account from an unknown device, we will ask you to verify that it is you by retrieving a one-time passcode from your inbox.

How does this keep my account more secure?

A one-time verification code reduces the risk of bad actors accessing your account by:

  • Detecting unusual login activity. We identify when an account login comes from an unrecognized device or address, which may indicate unusual or suspicious activity.
  • Sending a unique one-time verification passcode to a verified email address that you control, based on the very low probability that a bad actor has both your login AND control of your email.

Can OTV be turned off for my account?

No, now that OTV has been turned on, it cannot be disabled for any account. You can set up 2FA instead, as this removes the need for OTV. However, there is no way to return to the old login experience and fully remove the requirement for some sort of additional verification, such as OTV or 2FA.

What if I did not receive the email?

Try resending the code. Otherwise, we recommend you check your spam folder.

I do not have access to the email inbox as I am sharing my colleague’s details. How can I log in?

To protect your account security, each user should have their own, unique username and password. If you’re currently using shared credentials, we recommend immediately adding each authorized person as a user and then changing your password. Or if you don’t have those permissions, it’s best to contact the account Parent or Administrator and request to be set up as a user with your own email address.

In addition to being an important security measure, individual credentials are required as part of our Services Agreement, which states that user login credentials cannot be shared.

How long do I have to enter the code?

Each code expires after 10 minutes. You can resend the email if you need to generate a new code.

This is not a new device, why do I have to do this?

When we detect a new device and a new IP address trying to log in to your account, we will ask you to verify that it is you. Additionally, if your browser updates, or if your IP address frequently changes, you may be asked to verify the device again. Credentials will be stored for 30 days. Clearing your cache and cookies can also affect our system’s ability to recognize your device.

I have 2FA set up, do I still have to go through the OTV process?

No, you do not. 2FA and SSO override the OTV requirement, since they are stronger forms of security. If you set up 2FA, you will no longer have to go through the OTV process.