Skip to main content

Multi-Factor Authentication

Commerce Max Help CenterReporting, Optimizations, & TargetingTroubleshooting & FAQs
Table of contents

Multi-Factor Authentication Basics

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication is a layered approach to platform security.  Criteo requires a user to present a combination of two credentials to verify their identity for login. MFA improves security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the platform.

Why did Criteo implement MFA?

Implementing MFA makes it more difficult for a malicious actor to gain access to systems, even if passwords are compromised through phishing attacks or other means. This has become increasingly important, as sophisticated phishing scams are able to successfully collect login and password information with convincing fake login pages.

How will this impact how I log into the platform?

  1. Access CMax by entering your email address.

  2. Enter your password

  3. Click Send Verification Email to receive the temporary security code in your email inbox

  4. Retrieve the temporary security code and paste it into the field. Click Confirm to finish logging into the platform.

Scroll through the images on the left to see a step by step of how MFA works.

MFA FAQs

How frequently will I be asked to re-confirm my identity?

  • Your token is valid for eight hours. You’ll be asked to reauthenticate at the conclusion of the eight-hour session.

  • If multiple users use the same credentials to log in:

    • Each user will need to re-authenticate multiple times per day

    • Each user will need to have access to the mailbox used to log in to retrieve the security code.

    • Each user with a different device will need to re-authenticate multiple times per day.

For security reasons, Criteo strongly advises against the use of shared logins. The best practice is to have a unique login for each platform user.

How many attempts can I make to login with MFA?

  • Users can only request a security code five times within a five-minute window. Users can only attempt to submit a security code every five minutes.

  • The code is valid for 30 minutes and each code can only be used once.

I didn’t receive a code. What should I do?

Try the following troubleshooting steps:

  • Did you check your Spam and Junk folders?

  • Have you waited 5 minutes?      

  • Do you have access to the email associated with your account?  If you can’t access the inbox, you’ll need to set up a new account with an accessible email address.

  • Are Criteo’s emails being forwarded automatically to another mailbox or folder? You may be automatically forwarding emails from noreply@criteo.com to a folder – check to see if it’s been redirected.

  • Are you using an alternative email platform to your workplace’s default platform? You may need to add noreply@criteo.com as a trusted sender.

  • Do you receive any emails from Criteo? Check with the technical team at your workplace to ensure that emails from noreply@criteo.com are not being flagged as spam. If so, you’ll need to add noreply@criteo.com as a trusted sender to the company mailbox rules.