Trust & Safety Blog

Using Two Factor Authentication to be cyber smart

Cyber Smart Week - 2FA - Newsletter Banner

This week we’ve already covered the importance of having unique passwords, but there’s plenty more that you can do to add extra layers of protection.

Turning on two-factor authentication (2FA) can help stop scammers from getting into your stuff.

Here at Trade Me this isn’t something you can turn on (or off) yourself, our Site Security team run it in the background all the time, and may require you to verify yourself if something suspicious is detected on your account.

For example, if we believe your password may have been stolen, your account will be restricted and you may be able to unlock your account by getting a code sent to your registered mobile.

That is why it’s so important to keep your contact information up to date (you can do that here).

If your account is restricted in this way, when you attempt to login a note will pop up that stating that  ‘we believe someone has tried to access your account without your permission’.

It then gives you that option to have the code sent, or to call our Site Security team on 0800 334 332.

Entering this code back into the site completes the process, reopens your account and you’re good to go.

We also have a number of other security features on our end to help keep you safe, just incase your password is stolen.

For other websites that give you the choice of 2FA, it’s something we recommend 100% of the time.

With 2FA in place, if an attacker knows your password – they still can’t get into your account.

Take that suckers!

Most websites are set up so that you’ll need something you know (a unique password) as well as something you have (a phone they can text a code to) when you attempt to login on a new device.

Everybody does this a little differently though, so to set this up across your accounts you should start by looking at your account settings.

Toughen up your security with 2FA

  • Keep up your good password practicesthink unique, long and strong.

  • Keep your phone, device or hardware token in a safe place

  • If you receive a code for an account you weren’t trying to log into, change your password. Someone may have your password and be trying to get into your account. Check it out. 

  • Make sure that all of your contact information is kept up to date.