Betfair security

News, chat and debate about the Betfair betting exchange.
Derek27
Posts: 23635
Joined: Wed Aug 30, 2017 11:44 am
Location: UK

Edit: The key practices highlighted in this thread to ensure your Betfair account is secure are:-
  • Using 2-step authentication which requires a one-time passcode via SMS or Google Authenticator
  • Secure storage of your backup codes for use if you don't have your mobile


https://support.betfair.com/app/answers/detail/a_id/126

I decided to change my password, but before doing so I realised my mobile number and email address were out of date. So I changed and verified my phone, followed by email and then password. A confirmation email was sent to my new email address but not the old one.

Now I'm thinking anyone who got hold of my username and password could easily switch it to his own phone and email, change the password and lock me out without any notification. :?:
Last edited by Derek27 on Mon Jan 20, 2020 7:53 pm, edited 3 times in total.
jamesg46
Posts: 3769
Joined: Sat Jul 30, 2016 1:05 pm

Derek27 wrote:
Mon Jan 20, 2020 2:28 am
I decided to change my password, but before doing so I realised my mobile number and email address were out of date. So I changed and verified my phone, followed by email and then password. A confirmation email was sent to my new email address but not the old one.

Now I'm thinking anyone who got hold of my username and password could easily switch it to his own phone and email, change the password and lock me out without any notification. :?:
Use 2 step, unless they have you pinned down and a hold of your mobile they won't be changing or accessing anything.
sniffer66
Posts: 1679
Joined: Thu May 02, 2019 8:37 am

jamesg46 wrote:
Mon Jan 20, 2020 7:58 am
Derek27 wrote:
Mon Jan 20, 2020 2:28 am
I decided to change my password, but before doing so I realised my mobile number and email address were out of date. So I changed and verified my phone, followed by email and then password. A confirmation email was sent to my new email address but not the old one.

Now I'm thinking anyone who got hold of my username and password could easily switch it to his own phone and email, change the password and lock me out without any notification. :?:
Use 2 step, unless they have you pinned down and a hold of your mobile they won't be changing or accessing anything.
Same. I use 2 step, Google Authenticator for everything these days - Paypal, even FB. Had a few attempted hacks
Kai
Posts: 6196
Joined: Tue Jan 20, 2015 12:21 pm

2 step is great, only takes a moment to set up and it's much easier than it sounds, Betfair have made a 2min tutorial : https://www.youtube.com/watch?v=8x76Zet62Is

You get 10 backup codes in case something happens with your phone, which enabled me to log in when one of my phones died until I got a new one, or you can use them to temporarily turn off 2 step etc.
Bog
Posts: 190
Joined: Sat Aug 11, 2018 7:19 am

I use 2 steps auth also, better security. I once had a failed login with an ip from South Korea... :| :roll: So it's better to be safe
Dallas
Posts: 22713
Joined: Sun Aug 09, 2015 10:57 pm
Location: Working From Home

+1 from me, would never not use 2-step
PDC
Posts: 2272
Joined: Sun Jul 24, 2016 5:52 pm

It is really important you keep those backup codes somewhere. My Google Authentication app went out of sync for some reason. It is a known issue with the app. No matter what you do you will not be able to get it back in sync and without the back up codes you are locked out.

Thankfully I had the back up codes saved and was able to get back into my account. Turn off 2 step and then set it up all over again.

Betfair probably would have been able to get me back into my account eventually I guess but I wouldn't like to think how many hoops you would have to jump through, quite rightly before they got you back in. Perhaps they wouldn't be able to.

So again, if you haven't got those back up codes saved somewhere do it now as the app could go wrong at any time and this applies to all sites you use 2FA!
Kai
Posts: 6196
Joined: Tue Jan 20, 2015 12:21 pm

PDC wrote:
Mon Jan 20, 2020 12:40 pm
It is really important you keep those backup codes somewhere.
I use KeePass Password Safe for that purpose, it's a free open-source password manager and a good place to keep all the sensitive stuff. My brother who is a highly paid security expert in this industry recommended it so it must be decent at least, it's not very user friendly at first but I'm very happy with it. I usually let KeePass randomly create my passwords with at least 128-Bit key encryption, except the non-important passwords which I let Chrome memorize instead.

I actually don't really know what my Betfair password is, gun to my head I wouldn't be able to say it out loud, but my muscle memory knows it extremely well because it types it in often enough.
Derek27
Posts: 23635
Joined: Wed Aug 30, 2017 11:44 am
Location: UK

Thanks for the feedback. I've always been put off 2-step because I log in on 3-4 devices but having said that I am logged in all-day so it shouldn't be too much inconvenience - I'll look into it.

I use LastPass as my password manager. Can't really manage without one now.
Dallas
Posts: 22713
Joined: Sun Aug 09, 2015 10:57 pm
Location: Working From Home

PDC wrote:
Mon Jan 20, 2020 12:40 pm
It is really important you keep those backup codes somewhere. My Google Authentication app went out of sync for some reason. It is a known issue with the app. No matter what you do you will not be able to get it back in sync and without the back up codes you are locked out.
I've had my phone die on me without knowing it right when I needed it once and always have my back up codes stored away separately which will have taken a few mins to retrieve, it's still a small price to pay though for the peace of mind
Kai
Posts: 6196
Joined: Tue Jan 20, 2015 12:21 pm

Derek27 wrote:
Mon Jan 20, 2020 1:39 pm
I use LastPass as my password manager. Can't really manage without one now.
I think a lot of people stopped using LastPass after it got hacked back in 2015. They also had some very recent bug or exploit issues that could leak stuff to malicious websites. I don't really know how normal or frequent the bugs are in general for this type of software but LastPass never really filled me with much confidence tbh.
PDC
Posts: 2272
Joined: Sun Jul 24, 2016 5:52 pm

Derek27 wrote:
Mon Jan 20, 2020 1:39 pm
Thanks for the feedback. I've always been put off 2-step because I log in on 3-4 devices but having said that I am logged in all-day so it shouldn't be too much inconvenience - I'll look into it.

I use LastPass as my password manager. Can't really manage without one now.
Once you have done it a few times it just becomes part of the log in process you go through each day on auto and it really is no hassle.

If someone got into your account and took your money I would imagine that would cause an untold amount of hassle and annoyance and leave you wishing why on earth didn't you put 2FA on.

I have never used a password manager but I think I will look at them as more people seem to be using them. My worry, probably daftly, is giving up my passwords to a third party.

I have often seen it said that you are probably safest coming up with complicated passwords and just having them on a sheet of paper at home. But I would not fancy the hassle and worry should my house be broken into and that sheet taken.

It is also really important to ensure you use a different password for each site you use which I know sounds like a hassle but it really isn't if you come up with a system.

This article by Martin Lewis from Money Saving Expert is quite old now and I haven't read it for a while but thought I would share it anyway as I am sure it is still of use to people when creating said system:

https://blog.moneysavingexpert.com/2011 ... mber-them/
weemac
Posts: 1239
Joined: Mon Sep 16, 2013 8:16 pm

My solution is to have the same 'base' word with various Caps, symbols etc for all sites. Then I simply include a number 1 somewhere in it for my bank password, 2 for Amazon, 3 for paypal, and so on. (These are just examples!! :lol: ) That means I can carry a piece of paper in my wallet with "bank 1, amazon 2, paypal 3, etc." written down, so they're useless to anyone but me, and are easy to change if necessary.

But 2FA is still a must for financially sensitive sites.
Kai
Posts: 6196
Joined: Tue Jan 20, 2015 12:21 pm

PDC wrote:
Mon Jan 20, 2020 2:02 pm
I have never used a password manager but I think I will look at them as more people seem to be using them. My worry, probably daftly, is giving up my passwords to a third party.
People usually have an issue with storing their password online (like LastPass etc), hence the need for local storage of passwords and sensitive information (like KeePass etc). It's practically the digital equivalent of a wall safe, its data cannot simply be copied off your computer as if it were a txt file, in order to open KeePass on your computer you need a locally stored key file along with your master password.

In any case, it's good to have different options to suit people's preferences and needs.
Bog
Posts: 190
Joined: Sat Aug 11, 2018 7:19 am

Kai wrote:
Mon Jan 20, 2020 1:05 pm
PDC wrote:
Mon Jan 20, 2020 12:40 pm
It is really important you keep those backup codes somewhere.
I use KeePass Password Safe for that purpose, it's a free open-source password manager and a good place to keep all the sensitive stuff. My brother who is a highly paid security expert in this industry recommended it so it must be decent at least, it's not very user friendly at first but I'm very happy with it. I usually let KeePass randomly create my passwords with at least 128-Bit key encryption, except the non-important passwords which I let Chrome memorize instead.

I actually don't really know what my Betfair password is, gun to my head I wouldn't be able to say it out loud, but my muscle memory knows it extremely well because it types it in often enough.
I think I will try KeePass if it's that good. I have all my pass in a text file, I know, not a good thing, so maybe it's time for a change. Cheers