Betfair’s two-step authentication reduces the chance of having your account compromised.
That’s because in an addition to your username and password Betfair will ask you to enter a one-time code, which will be sent to your phone via SMS or displayed by the Google Authenticator application for iPhone, Android, Blackberry and Windows Phone. This authentication scheme protects against a range of attacks and eliminates the risk of insecure/easily guessable passwords or shared password being leaked from other websites you use.
This feature is important if you care about the security of your account. When you have enabled Betfair’s two-step authentication, attackers not only have to know/guess your username and password but also guess an additional one-time password, which changes every 30 seconds. It is practically impossible to perform this type of attack due to the computational complexity it carries. With two-step authentication your Betfair account will have the best protection available.
How do I turn it on?
To turn on the two-step authentication feature simply login to your Betfair account and visit ‘My Account’. Under ‘My Security’ tab you will find the setup screen. Just follow the instructions to sign up and configure your options. It only takes a couple of minutes.
How do I use it?
Two-step authentication is very easy to use and you will quickly get accustomed to the process. You start by logging in as usual. You will be presented with an additional login screen if your credentials are correct. Open the Google Authenticator from your phone and type the verification code in your browser. If the code is correct, you will be logged into your profile. You can choose to do this for every login or only for new devices within 'My Security'.
How do I disable it?
To disable two-step authentication simply visit your ‘My Security’ page under ‘My Account’. If two-step authentication is enabled for your account the status of this feature will display the message ‘On’. Click on the drop down and click ‘Turn Off’ in order to turn of two-step authentication.
Additionally you may choose to temporarily disable the feature. There are two options you can choose from: ‘Suspend for 1 day’ and ‘Suspend for 1 week’.
In case you are unable to use the two-step authentication, we can temporarily suspend it for your account. The two-step authentication can be disabled for 1 hour, 24 hours, or 7 days, during which you will be able to log in without entering the code.
How do I disable two-step authentication once it’s suspended?
After we temporarily suspended your two-step authentication, you can completely disable it from My Account. For this, you will just need to login to your account, access the My Security section, the two-step authentication area. Select ‘Resume’, and then select ‘Remove’. This will leave your account without the two-step authentication configuration and you can add it again on a new device.
When you set up the two-step authentication you will be presented with a list of backup codes. These codes allow you to login without your phone by appending a code at the back of your password.
Example:
If your password is ‘B3tF4!rsm$r7’ and one of the backup codes is ‘367622311’ your final password will be ‘B3tF4!rsm$r7367622311’. For a list of all backup codes visit ‘My Account’ -->’My Security’ page.
What happens if I don’t have backup codes?
If you have given us your mobile phone number, you will have the option to send a one-time password by SMS. If this doesn’t work, you will need to give us a call. Your account security is very important to us. We will set you up in no time after we confirm your identity. Be prepared to answer some security questions related to your account.
A ‘trusted device’ is a computing unit, such as your personal phone or laptop, which you specifically approved by ticking the 'Tick to confirm this is a trusted device' when logging in. When logging in to a trusted device you only need to enter your username and password. You will prompted to enter the verification code for each new device the first time you login. Once approved, the device will be added to your account.
Why use trusted devices?
By limiting the access to your account solely to a list of known devices you only need to login with your username and password. This removes the need to go through the two-step verification code on every login without compromising your account security provided by the two-step authentication login.
How to use trusted devices?
The first time you login from an ‘untrusted’ device you will be asked to provide your two-step authentication verification code. You need to tick on ‘Remember this device for future logins’. Once you login successfully, the device will be added to the approved devices lists. It is as simple as that.
How to un-trust a device?
In order to un-trust a device simply visit ‘My Account’ --> ‘My Security’ page and click on the ‘Edit’ button next to Login Settings. Check the ‘Forget previously trusted devices option’” and click on the “Save changes” button. Old trusted devices will be instantly forgotten and will need to be re-verified at next login.
Which Betfair products do not explicitly ask for a verification code?
In addition to some third party products, the following Betfair products will require you to append the Google Authenticator code to the end of your password in the password field to successfully login.
- Mobile Web Exchange (touch.betfair.com)
- Lite (lite.betfair.com)
- Mobile Timeform (timeform.betfair.com)
- iPad Exchange native app
- Mobile Mobet
Which 3rd-Party products do not support Two-Step Authentication?
Using the approach described above, in most cases will allow you to successfully log in to 3rd-Party products with two-Step Authentication. However the following products are known not support the current technical approach and should not be used in conjunction with two-Step Authentication.
- Bet Trader Evolution
Automated software (or bots) accessing the legacy Application Programming Interface, known as API6, will not continue to operate if Two-Step Authentication is turned on. This is because the automated software does not have the ability to submit the one time verification code provided by Google Authenticator.
The next generation Application Programming Interface, known as API-NG, is available and provides an alternative strong authentication mechanism. Please contact the Betfair Developer Program for more information.