Solutions keyboard_arrow_down keyboard_arrow_up
Our Solutions
Ontraport's solutions work together to give you everything you need to run your business in one centralized, easy-to-use platform.
Resources keyboard_arrow_down keyboard_arrow_up
Find free content on the latest marketing strategies, using Ontraport in your business, and finding the right software.
Visit the blog
University Pricing Chat
Account security
Last updated on: April 21, 2023

Ensuring the security of your account is a top priority for any user. With these customizable security settings, you can better protect your account data.

The security tab of your account’s Administration page allows you to:

  • Customize multi-factor authentication
  • Set up reCAPTCHA
  • Disable custom HTML forms
  • Enable social login

In this article, we’ll guide you through these settings so you can customize your account’s security to meet your specific needs.

Table of contents

Multi-factor authentication
Social login
Disable custom HTML forms

Multi-factor authentication (MFA)

MFA improves the security of your Ontraport account by requiring more than just a username and password to log in. With MFA, you’ll need to provide a unique code as a second form of authentication when you log in.

MFA ensures only authorized users can access your account, even if your login credentials are stolen. This security feature dramatically reduces the risk of unauthorized account access and data breaches.

MFA is always enabled in your account. However, you can customize how often the app will prompt you and your users to confirm your identity. Here’s how:

  1. Go to your accountAdministrationSecurityMulti-factor Authentication.
  2. Select the level of security you want.
  3. Click save.


Back to top

Adding reCAPTCHA to your forms prevents automated spam and fraudulent submissions.

By implementing reCAPTCHA, you can ensure that your form submissions are genuine and trustworthy. This extra security prevents your contact collection from getting filled with spam submissions. And it saves your team time determining whether your contacts are valid. Additionally, reCAPTCHA can reduce the need for manual spam filtering, enabling a more seamless interaction with your customers.

Here’s how:

  1. Go to my accountAdministrationSecurityreCAPTCHA.
  2. In another tab, open this page.
  3. Click v3 Admin Console from the top bar.

  1. Add a label for your site.
  2. Select “Challenge (v2)” from the reCaptcha type field.
    • Choose the type of challenge you want to use.
  3. In the Domains section, add your domain.
    • If you use a mixture of external domains and Ontraport hosted domains, add all of Ontraport’s domains as well:
  4. Agree to Google Cloud Platform Terms of Service.

  1. Click Submit.
  2. Copy the site key and secret key from Google and paste them in Ontraport’s reCAPTCHA settings.

In Google your site key and secret key will look like this:

In Ontraport your settings will look like this:

  1. Click save.

Test your reCAPTCHA

  1. Create a form and add the reCAPTCHA element to it.
  2. Publish the form and test it to confirm that you successfully added reCAPTCHA to it.

Social login

Back to top

Social login allows you and your team to log in using your Google or Facebook credentials to either the desktop or the mobile app.

  • Go to My accountAdministrationSecurity and toggle on (toggle on) “Social Login.”

Once you’ve enabled the feature, you can connect with Google or Facebook and log in to Ontraport using a single sign-on (SSO). Here’s how:

  1. Go to My accountPersonal Profile and scroll down to the “Social Logins” section.
  2. Click Connect next to Facebook or Google.
  3. Sign in with your Facebook or Google credentials.

Once connected, you’ll be able to log in to your Ontraport account using your social login.

Once you’ve connected to your social app, you’ll see that the “Connect” button becomes a “Disconnect” button.

If you click Disconnect, you won’t be able to log in using Google or Facebook SSO.

Disable custom HTML forms

Back to top

HTML forms are a legacy feature that can leave your website vulnerable to list bombing attacks. You can embed either Ontraforms or legacy HTML forms in third-party sites or use them as pop-ups. HTML forms are more customizable than Ontrafroms but less secure. We recommend using form elements instead if you add a form on an Ontraport page.

We recommend keeping this feature on if you’re not actively using HTML forms on your website.

Ontraforms are Javascript forms and provide considerably better than legacy HTML forms at protecting against spam and abuse. If you keep this feature on, no one on your team can accidentally create a less secure form and add it to your site.

However, if you do need to use HTML forms, Ontraport has your back. We automatically add a few groups to your contact collection to help you easily review the legitimacy of the contacts that were added from your legacy HTML forms. This helps you keep your contact list clean and accurate, reducing the risk of fraudulent or spammy contacts infiltrating your database.

Follow these steps to disable HTML forms:

  • Go to My accountAdministrationSecuritytoggle on Disable Custom HTML Forms.

If you choose to keep HTML forms enabled in your account, you may find one or more of the following groups of contacts automatically added to your Contact collection:

OP Engineering says: Bad Contact — These contacts have been identified as invalid. This group will be automatically opted out, and they should be deleted. 

OP Engineering says: Contact Unverified — These contacts could have been either added through an integration using legacy methods or through list bombing. They may be legitimate contacts and are not automatically opted out, but you should verify if they are valid.

OP Engineering says: Suspect Email — These contacts have email addresses that are listed on known spam lists. We suggest that you delete these contacts, but they will not be automatically opted out. 

OP Engineering says: Suspect IP Address — These contacts have come from IP addresses that are associated with past list bombing attacks. We suggest that you verify if they are good contacts. 

These groups allow you to review the legitimacy of contacts that may have been added to your list by a list bombing attack.

Related university lessons
Adding and protecting pages
This lesson covers adding and protecting your membership site pages so only logged in members can access them.
Account security options
This lesson covers all the tools you can use to keep your business data secure: passwords, roles and permissions, IP address verification and more.
Privacy + data security
When you’re using private data about any contacts on your list via merge fields or element database connections, it’s important to keep that info under wraps. Keep your contacts’ info private and secure with the tips from this lesson.
Divider Text
Related support articles
Why won't Ontraport give me credit for my referral?
 Pro tips
Tip #1: Ontraport's security protocol prevents you from logging in while using a VPN. Learn more about your login information here.
Live events
© Ontraport 2024
PCI DSS, Level 1
Privacy Shield Certified