Overview
Convoso is committed to securing your Account(s) from threats like spam and fraud. As such, Convoso is enhancing the security of the platform, beginning with SMS-enabled Accounts and then extending to all Accounts.
This article explains upcoming security enhancements and answers some anticipated questions about how they will affect your Account and the user experience.
As we implement these compliance updates, Convoso's Compliance Team will keep impacted users informed via in-app notifications and emails.
Please disable adblockers when using Convoso, as these will block important messages from the Convoso Team.
Different security enhancements will go into effect throughout the coming weeks and months:
- March 18, 2025: New User Accounts will be required to use Complex Passwords and change them every 60 days. (This will deploy to accounts incrementally throughout the month.)
- Starting March 31, 2025: Multi-Factor Authentication (MFA) will be required for SMS Accounts. Each user must have a valid email for authentication.
- Starting May 16, 2025: Existing SMS Account Users will be required to update their passwords to meet new security standards and change their password every 60 days.
By June 30, 2025, the following will be implemented for all users:
-
- Complex passwords
- Password rotation every 60 days
- Multi-factor Authentication
- Contact Email Validation
Please Note: These changes will not impact SSO customers.
Contents
What's Changing?
The following login security enhancements are coming to all Accounts.
Convoso recommends that all Agents and Admins update their passwords and prepare for these additional security measures to prevent interruption to service(s).
Complex Passwords
User passwords must follow new complexity standards to enhance security.
Admins and Agents must update their passwords to reflect these requirements:
- Passwords must have a minimum length of 12 characters.
- Include at least one uppercase letter, lowercase letter, number, and special character (! @,#,$,%,^,&,*).
- To learn more about the password update process, see:
Password Rotation & Reuse
The system will have a new 60-day rotation for all passwords. Every 60 days, Users will be required to update their passwords.
When updating passwords, Users are not permitted to use their last five (5) passwords.
If a User attempts to use a password that matches any of their last five (5) passwords, they will receive an error.
Multi-Factor Authentication
Multi-factor Authentication describes a multi-step login process that requires the User to enter more information than just a password, such as a one-time code.
Once enabled, Users will be required to enter a one-time verification code each time they log in. Each code will be valid for 15 minutes from when the system sends it to the User's Contact Email address.
- Starting March 31, 2025, SMS accounts will require Multi-Factor Authentication (MFA). Each user must have a valid email for authentication.
- By June 30, 2025, MFA will be implemented for all users.
- To learn more about the MFA process, see Multi-factor Authentication.
Note: Refrain from using the plus symbol (+) in your Contact Email address, as it may prevent the verification from being sent.
Contact Email Validation
Users will have a new field for their Contact Email address. This is the email address that will receive all communications regarding login security and verification. Once enabled, this setting will require existing Users to enter a Contact Email when they log in. They will then be asked to verify by entering a one-time verification code. New Users will automatically have the email address entered upon creation copied to their Contact Email field. Upon their first log-in, they will be prompted to verify this email address.
- By June 30, 2025, all Users will be required to enter and verify a Contact Email.
- To learn more about adding and validating a Contact Email, see Contact Email Validation.
Frequently Asked Questions
|
Questions |
Answers |
Are these security changes mandatory for all Accounts? |
Convoso is implementing more substantial password security requirements for all Accounts beginning with SMS Accounts. These measures align with industry best practices and help prevent fraud, spam, and other security threats to your Accounts and Campaigns. |
Can I have more time to prepare? |
We understand that adapting to new security measures takes time. Unfortunately, these requirements are driven by industry-wide regulations and enforced by Mobile Network Operators (MNOs).
We want to make the transition as smooth as possible, and we're here to support you through every step of the process. If you have any concerns or need assistance, please submit a Help Ticket. |
Is Multi-factor Authentication required, or just complex passwords? |
We will soon transition all customers to Multi-factor Authentication (MFA) with email verification.
Once we implement MFA, it will be mandatory for all Users, and passwords will no longer be an option for Account security. |
What happens if I do not update my password? |
To maintain compliance with these new security standards, customers who do not meet the password requirements may lose access to the platform or experience service interruptions. We strongly encourage you to update passwords now to avoid any disruptions. |
Will these requirements apply to both Agents and Admins? |
Yes, this applies to all Agents and Admins |
Can Admins update their Agents' passwords? |
Yes, Admins can update Agents' passwords in the User Credentials tab. To learn more about this process, see Edit User Credentials. Admins can also prompt Agents to reset their passwords from the User Credentials tab. To learn more about this process, see Reset Agent Passwords as an Admin. |
Please sign in and vote to let us know if you found this article helpful!
👇