Two-step verification and account security
Two-step verification, also known as two-factor authentication (2FA), is an additional layer of end-user account protection beyond a password. Specifically, 2FA verifies your identity by using two methods, or factors, of authentication: something you know (e.g. a password), and something you have (e.g. a mobile device).
Two-step verification significantly decreases the risk of account takeovers. It does this by combining your password (something you know) with a second step of verification, like a one-time access-code or push notification sent to your mobile phone or email address (something you have).
Yes, we are introducing two-step verification to help protect your online account.
You will be prompted to sign-in with two-step verification when:
- you try to recover your username or password
- you update secured areas of your profile
- we detect suspicious login behaviour on your account
It should be instantaneous. If for whatever reason you do not receive it, you can either ask for another one-time access code, or use the alternative method presented to you.
We will periodically remind you to add a mobile number to set up two-step verification.
If you receive a one-time access code but did not request one, there is a chance someone may be using your account password — but don’t worry. Whomever is attempting to access your account won’t get the access code that you received. We still recommend immediately changing your affected account password.
You can change the phone number from the two-step verification settings page, which is accessed from My Profile.
Once a mobile phone number has been added, it cannot be removed. However, you can change this phone number at any time. You will also always have the option to receive your one-time access code via the email address you have in your profile.
You can change your phone number if required. You will also always have the option to receive your one-time access code via the email address you have in your profile.
You can verify your identity and attempt to resend the access code, or choose to send using a different method such as your email.
You can request that we send another one-time access code. If you still cannot pass two-step verification, you will not be able to access your online account. Please call us.
Two-step verification works with text messages and email. If you do not have a mobile phone that can receive SMS text messages, then you will have the option to receive the one-time access code via email.
You will have the options to either receive a one-time access code via your email, or you can answer a security question from your Profile. Please check your Profile to ensure your email address is up to date.