Impact Data is committed to providing you with a secure and reliable marketing platform. As part of this commitment, every person accessing your account must have their own unique user login, tied to an individual email address.
This is designed to protect your valuable data and ensure the smooth operation of your team. This also facilitates the use of Multi-Factor Authentication (MFA) for all users, dramatically increasing account security.
The Risks of Shared Accounts (Role-Based Emails)
Using a shared login (like marketing@yourcompany.com or admin@yourcompany.com) might seem convenient, but it introduces several critical security and operational risks:
Security Blind Spots
- No Accountability: If a change or error occurs, it’s impossible to know which person made the action. This hinders troubleshooting and compliance efforts. If ever you need to know who has accessed your account, our support team will not be able to specify who has accessed the account.
- Impossible to Revoke Access: When a team member leaves or changes roles, you can’t easily remove their access without changing the password for everyone still using the shared login. This leaves a significant security gap.
- Insecure Passwords: Shared logins often end up with weaker, static passwords because they are difficult to update and distribute to a group of people. Crucially, shared accounts prevent the use of mandatory MFA.
- Single Point of Failure: Even if a shared address is used with a personal password, the fact that multiple people have the credentials to a single email account makes it inherently less secure than any individual’s dedicated email address.
The Security Benefit: Individual Accounts + Multi-Factor Authentication (MFA)
Requiring a unique user account for every person is the necessary foundation for implementing the highest security standard: Multi-Factor Authentication (MFA).
| Feature | Shared Account (No MFA) | Individual Account (MFA Required) |
|---|---|---|
| Risk of Unauthorized Access | High | Extremely Low |
| Audit Log Visibility | Generic (Who knows?) | Clear, actionable logs (User X did Y) |
| Offboarding Security | Risky, password may not be changed | Immediate, secure deactivation of a single user |
| Password Strength | Often weak, static | Stronger, often system-generated |
What is MFA?
Multi-Factor Authentication (MFA) requires a user to present two or more pieces of evidence to verify their identity. It’s typically:
- Something you know (your password).
- Something you have (a code from your phone or an authenticator app).
This means that even if a password is stolen, the unauthorized person still cannot access your account without physical access to the team member’s personal device. This single step is the most effective way to prevent 99.9% of account compromises.
Next Steps for Your Team
To comply with this updated policy and secure your data:
- Create Unique Accounts: If a team member is using a shared email address, please create a new, dedicated account for them immediately. This new account must be tied to an individual’s email address—either their individual work email (e.g.,
jane.doe@yourcompany.com) or their personal email address. The priority is individual access, as any email address used by only one person is more secure than a shared group address. - Enable MFA: Upon their next login, each individual user should set up Multi-Factor Authentication.
Read more about Enabling Multi-Factor Authentication (MFA)
If you have any questions or need assistance migrating your team to individual accounts, please contact our support team.