Welcome to the Convoso Help Center

Browse our Knowledge Base of step-by-step tutorials and FAQs

Create a help ticket with our award winning Support Team Submit

Articles in this section

Login Security Enhancements

Avatar
Julianna Rodriguez
  • Updated
Follow

Overview

Convoso is committed to securing your Account(s) from threats like spam and fraud. As such, Convoso is enhancing the security of the platform, beginning with SMS-enabled Accounts and then extending to all Accounts.

This article explains upcoming security enhancements and answers some anticipated questions about how they will affect your Account and the user experience.

As we implement these compliance updates, Convoso's Compliance Team will keep impacted users informed via in-app notifications and emails.

Please disable adblockers when using Convoso, as these will block important messages from the Convoso Team.

Different security enhancements will go into effect throughout the coming weeks and months

  • As of March 2025: New User Accounts and SMS Accounts are required to use Complex Passwords and change them every 30 days. These same accounts also require Multi-Factor Authentication (MFA). Each user must have a valid email for authentication.
  • As of May 2025: All Accounts are required to update their passwords to meet new security standards and change them every 30 days.
  • As of July 2025: All Accounts will require Multi-Factor Authentication (MFA). Each user must have a valid email for authentication. (This will deploy to accounts incrementally throughout the month.)

Please Note: These changes will not impact SSO customers.

Contents

What's Changing?

The following login security enhancements are coming to all Accounts.

Convoso recommends that all Agents and Admins update their passwords and prepare for these additional security measures to prevent interruption to service(s).

 

Complex Passwords

User passwords must follow new complexity standards to enhance security.

Admins and Agents must update their passwords to reflect these requirements:

Password Rotation & Reuse

The system will have a new 30-day rotation for all passwords. Every 30 days, Users will be required to update their passwords.

When updating passwords, Users are not permitted to use their last five (5) passwords.

If a User attempts to use a password that matches any of their last five (5) passwords, they will receive an error.

 

Multi-Factor Authentication

Multi-factor Authentication describes a multi-step login process that requires the User to enter more information than just a password, such as a one-time code. 

Once enabled, Users will be required to enter a one-time verification code each time they log in. Each code will be valid for 15 minutes from when the system sends it to the User's Contact Email address

  • As of March 2025, SMS accounts and New Accounts require Multi-Factor Authentication (MFA). Each user must have a valid email for authentication.
  • By July 2025, MFA will be implemented for all users.
  • To learn more about the MFA process, see Multi-factor Authentication.

Note: Delivery of verification codes could be delayed when using legacy email providers such as Yahoo or AOL, so codes can expire before Users receive the email.

Users may need to:

  • Use an alternate email address from a more modern provider such as Gmail.
  • Request Admin help to reset their email or cool down their account.

Contact Email Validation

Users will have a new field for their Contact Email address. This is the email address that will receive all communications regarding login security and verification. 

  • Note: When entering your contact email, please consider these requirements.
    • Allowed special characters: plus sign (+), hyphen(-), and underscore (_).
    • Consecutive special characters are not allowed: User++1@convoso.com.
    • The part of the email before the @ sign cannot end with a special character: User+@convoso.com.

Once enabled, this setting will require existing Users to enter a Contact Email when they log in. 

They will then be asked to verify by entering a one-time verification code. 

New Users will automatically have the email address entered upon creation copied to their Contact Email field. 

Upon their first log-in, they will be prompted to verify this email address.

  • As of July 2025, all Users will be required to enter and verify a Contact Email.
  • To learn more about adding and validating a Contact Email, see Contact Email Validation.

Note: Verification emails will come from no-reply@convoso.com. Please ensure this address is added to your safe senders list.

Frequently Asked Questions

Questions

Answers

Are these security changes mandatory for all Accounts?

Convoso is implementing more substantial password security requirements for all Accounts beginning with SMS Accounts.

These measures align with industry best practices and help prevent fraud, spam, and other security threats to your Accounts and Campaigns.

Can I have more time to prepare?

We understand that adapting to new security measures takes time. Unfortunately, these requirements are driven by industry-wide regulations and enforced by Mobile Network Operators (MNOs).

  • Because these security updates help protect your business and the messaging ecosystem from fraud and unauthorized access, the deadline is firm, and we cannot extend it.

We want to make the transition as smooth as possible, and we're here to support you through every step of the process.

If you have any concerns or need assistance, please submit a Help Ticket.

Is Multi-factor Authentication required, or just complex passwords?

We will soon transition all customers to Multi-factor Authentication (MFA) with email verification.

  • This additional security layer safeguards against unauthorized access and fraudulent activity. As we roll out this requirement, we will share more details with in-product notifications.

Once we implement MFA, it will be mandatory for all Users, and passwords will no longer be an option for Account security.

What happens if I do not update my password?

To maintain compliance with these new security standards, customers who do not meet the password requirements may lose access to the platform or experience service interruptions.

We strongly encourage you to update passwords now to avoid any disruptions.

Will these requirements apply to both Agents and Admins?

 Yes, this applies to all Agents and Admins

Can Admins update their Agents' passwords?

Yes, Admins can update Agents' passwords in the User Credentials tab. To learn more about this process, see Edit User Credentials.

Admins can also prompt Agents to reset their passwords from the User Credentials tab. To learn more about this process, see Reset Agent Passwords as an Admin.

 

 

 

 

Please sign in and vote to let us know if you found this article helpful!

👇

 

Related articles