We’re changing how you log in to your account by replacing traditional passwords with a simpler more secure user verification method.
Each time your log in using your verified email address, we’ll send a secure magic link to your inbox and once you click that link, we’ll run some fraud prevention checks before allowing you to access your account. As we’ll be using a unique secret token each time you login from your device, you must log in from the same device that you used to access the magic link email.
If you’re using our mobile app, you can continue to use your device biometrics like Face ID, but we may occasionally send you a magic link for security reasons.
Why we’re making this change
We are making these improvements to further strengthen the security of our digital services. Many other services now use this method for account access and it is widely recognised as being more secure than continuing to use traditional passwords.
Increased security: Significantly reduces the risk phishing attacks by fraudsters.
Improved member experience: You no longer have the frustration of remembering, resetting, or typing complex passwords.
What you need to do
We are migrating members’ accounts to this new secure authentication method over the coming weeks and when your account is migrated, you’ll see the new improved experience when you login.
If you don’t have time to migrate to the new process and just need access to your account, you can skip the process. However, the next time you login, we’ll migrate you and we’ll send you a magic link.
If you use device biometrics to access our app, you can continue to do this after you complete the migration process and click on the magic link.
Each magic link is:
• Time-limited – it expires after a short period of time for safety.
• Single-use only – it can't be used again so you can safely delete the email once you’ve used it to login.
• Tied to your device – when you click the link, we check a few secure details about your device to help confirm it’s really you. You will need to open the link on the same device you are trying to log into.
Not getting the magic link email?
• Check your spam or junk folder.
• Request the email be re-sent, make sure you retype the correct email.
• Wait a few moments – sometimes emails take a minute or two.
Do I need to verify my identity each time I log in?
As part of our enhanced authentication processes, to help prevent unauthorised access to your account, we use multi-factor fraud detection systems to continually evaluate account access patterns. If we believe account access is suspicious or out of character, we may request additional security including ID checks to ensure your account remains fully protected and it really is you accessing the account.
Verification of identity should rarely be required but if you want to find out more about the process, you can view this article