Betfair Help
Increasing the Security on your Betfair Account
Protecting the security and privacy of customers’ accounts is an integral focus for Betfair Australia. We want to educate you, as valued customers, about the risks posed by ‘fraudsters’ and about some simple controls to protect Your Account and information.
This article will firstly show you how common data breaches are and why we’re all vulnerable. Then we’ll discuss three techniques to keep your account safe.
They are regular password changes, a password manager, and Two Factor Authentication (2FA).
DATA BREACHES
In recent times, there have been major data breaches of commonly used platforms, including LinkedIn. Fraudsters have been successful in accessing millions of usernames and passwords.
The stolen information is then often sold to other fraudsters who will attempt (through automated techniques such as ‘credential stuffing’) to use these credentials to access people’s banking, social media, online shopping or even wagering accounts. This poses major risks to people who use common usernames and passwords across different platforms.
Fortunately, Betfair Australia has not been the subject of such a breach. However, we want our customers to be vigilant and protected.
PREVENTION RECOMMENDATIONS
A pro-active approach to information security can help you protect your Betfair account.
Usernames and passwords are the first line of defence. Upon signing up to Betfair, it is recommended that you select a unique username and password combination. This includes changing your nominated username from an email address to something different. Ideally your password should be changed on a monthly basis.
For customers looking to up their security game, the Australian National Cyber Security Centre (NCSC) strongly encourages the use of 2FA and a password manager to keep your credentials secure.
TWO FACTOR AUTHENTICATION
Betfair has Two Factor Authentication (2FA) which greatly reduces the chance of having your account compromised.
That’s because, in addition to your username and password, Betfair will ask you to enter a one-time code, which will be sent to your phone via SMS or displayed by the Google Authenticator application for iPhone or Android (or Blackberry and Windows).
This authentication scheme protects against a range of attacks and eliminates the risk of insecure/easily guessable passwords or shared passwords being leaked from other websites you use.
This feature is important if you care about the security of your account. When you have enabled Betfair’s 2FA, attackers not only have to know/guess your username and password but also guess an additional one-time password, which changes every 30 seconds. It is practically impossible to perform this type of attack due to the computational complexity it carries. With 2FA your Betfair account will have the best protection available.
HOW DO I TURN ON 2FA?
To turn on the 2FA feature, simply log in to your Betfair account and visit ‘My Account’. Under the ‘My Security’ tab you will find the setup screen. Just follow the instructions to sign up and configure your options. It only takes a couple of minutes.
HOW DO I USE IT?
2FA is very easy to use and you will quickly get accustomed to the process. You start by logging in as usual. You will be presented with an additional login screen if your credentials are correct. Open Google Authenticator on your phone and type the verification code in your browser. If the code is correct, you will be logged into your profile. You can choose to do this for every login or only for new devices within ‘My Security’.
HOW DO I DISABLE IT?
To disable 2FA, simply visit your ‘My Security’ page under ‘My Account’. If 2FA is enabled for your account, the status of this feature will display the message ‘On’. Click on the drop down and click ‘Turn Off’ in order to turn off 2FA.
Additionally you may choose to temporarily disable the feature. There are two options you can choose from: ‘Suspend for 1 day’ and ‘Suspend for 1 week’.
In case you are unable to use 2FA, we can temporarily suspend it for your account. 2FA can be disabled for 1 hour, 24 hours, or 7 days, during which you will be able to log in without entering the code.
HOW DO I DISABLE 2FA ONCE IT’S SUSPENDED?
After we have temporarily suspended your 2FA, you can completely disable it from My Account. To do this, log in to your account and go to the 2FA authentication area of the My Security section. Select ‘Resume’, and then select ‘Remove’. This will leave your account without the 2FA configuration and you can add it again on a new device.
When you set up 2FA you will be presented with a list of backup codes. These codes allow you to log in without your phone by appending a code to the end of your password.
EXAMPLE:
If your password is ‘B3tF4!rsm$r7’ and one of the backup codes is ‘367622311’ your final password will be ‘B3tF4!rsm$r7367622311’.
For a list of all backup codes visit the ‘My Account’ –> ‘My Security’ page.
WHAT HAPPENS IF I DON’T HAVE BACKUP CODES?
If you have given us your mobile phone number, you will have the option to send a one-time password by SMS. If this doesn’t work, you will need to give us a call. Your account security is very important to us. We will set you up in no time after we confirm your identity. Be prepared to answer some security questions related to your account.
A ‘trusted device’ is a computing unit, such as your personal phone or laptop, which you specifically approved by ticking the ‘Tick to confirm this is a trusted device’ box when logging in. When logging in on a trusted device you only need to enter your username and password. You will be prompted to enter the verification code for each new device the first time you log in. Once approved, the device will be added to your account.
WHY USE TRUSTED DEVICES?
By limiting access to your account solely to a list of known devices, you only need to log in with your username and password. This removes the need to enter the 2FA code on every login, without compromising the account security provided by the 2FA login.
HOW TO USE TRUSTED DEVICES?
The first time you log in from an ‘untrusted’ device you will be asked to provide your 2FA verification code. You need to tick ‘Remember this device for future logins’. Once you log in successfully, the device will be added to the approved devices list. It is as simple as that.
HOW TO UN-TRUST A DEVICE?
In order to un-trust a device, simply visit the ‘My Account’ –> ‘My Security’ page and click on the ‘Edit’ button next to Login Settings. Check the ‘Forget previously trusted devices’ option and click on the ‘Save changes’ button. Old trusted devices will be instantly forgotten and will need to be re-verified at next login.
WHICH BETFAIR PRODUCTS DO NOT EXPLICITLY ASK FOR A VERIFICATION CODE?
In addition to some third party products, the following Betfair products will require you to append the Google Authenticator code to the end of your password in the password field to successfully log in.
- Mobile Web Exchange (touch.betfair.com)
- Lite (lite.betfair.com)
- Mobile Timeform (timeform.betfair.com)
- iPad Exchange native app
- Mobile Mobet
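An added example, not Betfair's code: how a service could check the 30-second one-time code described under TWO FACTOR AUTHENTICATION (TOTP, RFC 6238, the scheme Google Authenticator implements) and handle a login field where that code is appended to the password, as in the list above. The 6-digit code length, the function names, the plaintext password comparison and the RFC test key are assumptions for illustration; 9-digit backup codes are not handled.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds; the article says the code changes every 30 seconds
DIGITS = 6   # assumption: Google Authenticator's default code length


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code the authenticator app shows."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_code(secret: bytes, code: str, unix_time: int, drift: int = 1) -> bool:
    """Accept codes from `drift` steps either side of now (clock skew)."""
    ok = False
    for step in range(-drift, drift + 1):
        expected = totp(secret, unix_time + step * STEP)
        ok |= hmac.compare_digest(expected, code)  # constant-time compare
    return ok


def split_combined(field: str, digits: int = DIGITS):
    """Split 'password + code'; None if the tail is not an ASCII code."""
    tail = field[-digits:]
    if len(field) <= digits or not (tail.isascii() and tail.isdigit()):
        return None
    return field[:-digits], tail


def login(field: str, stored_password: str, secret: bytes, unix_time: int) -> bool:
    """Hypothetical check for clients with a single password field."""
    parts = split_combined(field)
    if parts is None:
        return False  # fail closed: no code appended
    password, code = parts
    # Simplification: real services compare against a salted password hash.
    pw_ok = hmac.compare_digest(password.encode(), stored_password.encode())
    return verify_code(secret, code, unix_time) and pw_ok


RFC_SECRET = b"12345678901234567890"  # published RFC 6238 test key, not a real secret
```

With a 6-digit code and three accepted time steps, a blind guess succeeds about 3 times in a million, so the protection also relies on the service limiting failed login attempts.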
WHICH 3RD-PARTY PRODUCTS DO NOT SUPPORT 2FA?
Using the approach described above will, in most cases, allow you to successfully log in to 3rd-Party products with 2FA. However, the following products are known not to support the current technical approach and should not be used in conjunction with 2FA.
- Bet Trader Evolution
Automated software (or bots) accessing the legacy Application Programming Interface, known as API6, will not continue to operate if 2FA is turned on. This is because the automated software does not have the ability to submit the one-time verification code provided by Google Authenticator.
The next generation Application Programming Interface, known as API-NG, is available and provides an alternative strong authentication mechanism. Please contact the Betfair Developer Program for more information.