Ensuring the security of your account is a top priority for any user. With these customizable security settings, you can better protect your account data.
The security tab of your account’s Administration page allows you to:
- Customize multi-factor authentication
- Set up reCAPTCHA
- Disable custom HTML forms
- Enable social login
In this article, we’ll guide you through these settings so you can customize your account’s security to meet your specific needs.
Table of contents
Multi-factor authentication
reCAPTCHA
Social login
Disable custom HTML forms
Multi-factor authentication (MFA)
MFA improves the security of your Ontraport account by requiring more than just a username and password to log in. With MFA, you’ll need to provide a unique code as a second form of authentication when you log in.
MFA ensures only authorized users can access your account, even if your login credentials are stolen. This security feature dramatically reduces the risk of unauthorized account access and data breaches.
MFA is always enabled in your account. However, you can customize how often the app will prompt you and your users to confirm your identity. Here’s how:
- Go to → Administration → Security → Multi-factor Authentication.
- Select the level of security you want.
- Click Save.
reCAPTCHA
Adding reCAPTCHA to your forms prevents automated spam and fraudulent submissions.
By implementing reCAPTCHA, you can ensure that your form submissions are genuine and trustworthy. This extra security prevents your contact collection from getting filled with spam submissions. And it saves your team time determining whether your contacts are valid. Additionally, reCAPTCHA can reduce the need for manual spam filtering, enabling a more seamless interaction with your customers.
Here’s how:
- Go to → Administration → Security → reCAPTCHA.
- In another tab, open this page.
- Click v3 Admin Console from the top bar.
- Add a label for your site.
- Select “Challenge (v2)” from the reCaptcha type field.
- Choose the type of challenge you want to use.
- In the Domains section, add your domain.
- If you use a mixture of external domains and Ontraport hosted domains, add all of Ontraport’s domains as well:
- mytemporarydomain.com
- temporary-domains.com
- temporarydoma.in
- appts.site
- The links below are legacy domain links still in use but no longer available for new accounts:
- ontralink.com
- ontraport.net
- ontraport.com
- qwkcheckout.com
- safechkout.net
- securechkout.com
- securechkout.net
- myquickcheckout.com
- safechckout.com
- safecheckout.info
- checkoutnow.info
- viprespond.com
- vip2site.com
- vipreplynow.com
- zreply.com
- Members-only.online
- If you use a mixture of external domains and Ontraport hosted domains, add all of Ontraport’s domains as well:
- Agree to Google Cloud Platform Terms of Service.
- Click Submit.
- Copy the site key and secret key from Google and paste them in Ontraport’s reCAPTCHA settings.
In Google your site key and secret key will look like this:
In Ontraport your settings will look like this:
- Click Save.
Test your reCAPTCHA
- Create a form and add the reCAPTCHA element to it.
- Publish the form and test it to confirm that you successfully added reCAPTCHA to it.
Social login
Social login allows you and your team to log in using your Google or Facebook credentials to either the desktop or the mobile app.
- Go to → Administration → Security and toggle on () “Social Login.”
Once you’ve enabled the feature, you can connect with Google or Facebook and log in to Ontraport using a single sign-on (SSO). Here’s how:
- Go to → Personal Profile and scroll down to the “Social Logins” section.
- Click Connect next to Facebook or Google.
- Sign in with your Facebook or Google credentials.
Once connected, you’ll be able to log in to your Ontraport account using your social login.
Once you’ve connected to your social app, you’ll see that the “Connect” button becomes a “Disconnect” button.
If you click Disconnect, you won’t be able to log in using Google or Facebook SSO.
Disable custom HTML forms
HTML forms are a legacy feature that can leave your website vulnerable to list bombing attacks. You can embed either Ontraforms or legacy HTML forms in third-party sites or use them as pop-ups. HTML forms are more customizable than Ontrafroms but less secure. We recommend using form elements instead if you add a form on an Ontraport page.
We recommend keeping this feature on if you’re not actively using HTML forms on your website.
Ontraforms are Javascript forms and provide considerably better than legacy HTML forms at protecting against spam and abuse. If you keep this feature on, no one on your team can accidentally create a less secure form and add it to your site.
However, if you do need to use HTML forms, Ontraport has your back. We automatically add a few groups to your contact collection to help you easily review the legitimacy of the contacts that were added from your legacy HTML forms. This helps you keep your contact list clean and accurate, reducing the risk of fraudulent or spammy contacts infiltrating your database.
Follow these steps to disable HTML forms:
- Go to → Administration → Security → Disable Custom HTML Forms.
If you choose to keep HTML forms enabled in your account, you may find one or more of the following groups of contacts automatically added to your Contact collection:
OP Engineering says: Bad Contact — These contacts have been identified as invalid. This group will be automatically opted out, and they should be deleted.
OP Engineering says: Contact Unverified — These contacts could have been either added through an integration using legacy methods or through list bombing. They may be legitimate contacts and are not automatically opted out, but you should verify if they are valid.
OP Engineering says: Suspect Email — These contacts have email addresses that are listed on known spam lists. We suggest that you delete these contacts, but they will not be automatically opted out.
OP Engineering says: Suspect IP Address — These contacts have come from IP addresses that are associated with past list bombing attacks. We suggest that you verify if they are good contacts.
These groups allow you to review the legitimacy of contacts that may have been added to your list by a list bombing attack.