Security improvement
At ActiveCampaign, account security is a top priority. Since May 15, 2025, a new security feature called "Unusual Login" has been activated for all sub-accounts—whether they use the ActiveCampaign brand or are white-labeled through resellers.
Why this change?
In recent weeks, there has been an increase in account takeover (ATO) attempts, particularly targeting partner-resold accounts. To proactively strengthen protection, ActiveCampaign has rolled out this new security layer platform-wide.
What is “Unusual Login”?
This feature adds an extra login verification step to prevent unauthorized access. If a user does not have Multi-Factor Authentication (MFA) enabled, they will be asked to complete an additional challenge in the following cases:
45 days or more have passed since their last login challenge.
They log in from a new device, browser, or IP address.
In these cases, the system will send a one-time code to the user's login email. They must enter this code to continue logging in.
What do users need to do?
No action is required beforehand since this feature is enabled automatically, and cannot be deactivated.
However, we highly recommend enabling Multi-Factor Authentication (MFA), as it remains the most effective defense against unauthorized access. You can enable it from your user profile under ActiveCampaign's security settings.
Key benefits of this feature
Adds an extra layer of protection with no setup required.
Enhances security, especially in shared or remote environments.
Protects both standard and white-labeled partner accounts.
If you have any questions about this update or need help setting up MFA, feel free to reach out to our support team.
