For two consecutive days now i've had to change my password before being able to access my Betfair account....previously i'd had the same password for nineteen years.
Same here, hope it makes you feel better that you're not alone, I've been keeping an eye on the forum hoping it wasn't just me, had to do it 3 or 4 times since yesterday, get the code sent to phone, stick it in and it ends up letting you keep the same bloody password anyway...couldn't believe it, right on Cheltenham....afraid to log out now...obviously a glitch somewhere!!!!
Same here, hope it makes you feel better that you're not alone, I've been keeping an eye on the forum hoping it wasn't just me, had to do it 3 or 4 times since yesterday, get the code sent to phone, stick it in and it ends up letting you keep the sam
This usually means someone has tried three times to hack into your account. You can check for failed log-ins here https://myaccount.betfair.com/accountdetails/mysecurity?showAPI=1
Make sure you have 2FA switched on.
This usually means someone has tried three times to hack into your account. You can check for failed log-ins here https://myaccount.betfair.com/accountdetails/mysecurity?showAPI=1Make sure you have 2FA switched on.
Thing is, if I log out now the chances are I'll have to reset again, but it doesn't even make me change my password, it just makes you go through the process of getting the code to your phone, putting it in and then, in my case lets me sign in with my existing password....makes no sense
Thing is, if I log out now the chances are I'll have to reset again, but it doesn't even make me change my password, it just makes you go through the process of getting the code to your phone, putting it in and then, in my case lets me sign in with m
Looks like it, 4 times that I can see, not me, IP address coming up from the Midlands which isn't me, problem is, even with 2 step authentication, if they carry on trying, we'll have to carry on resetting won't we?
Looks like it, 4 times that I can see, not me, IP address coming up from the Midlands which isn't me, problem is, even with 2 step authentication, if they carry on trying, we'll have to carry on resetting won't we?
presumably you are using an email address as user id? If so might be worth changing to a new email specifically for betfair (although I don't know if this is easy to do).
presumably you are using an email address as user id? If so might be worth changing to a new email specifically for betfair (although I don't know if this is easy to do).
Having to reset password two or three times a day at the moment, IP addresses are from the UK. but various locations. so using VPN. I am using username, not email address if that helps. Betfair are aware.
Having to reset password two or three times a day at the moment, IP addresses are from the UK. but various locations. so using VPN. I am using username, not email address if that helps. Betfair are aware.
Some years ago when I had a problem on here I asked betfair if I could change my username which contained most of my email address but they refused to allow it.
Some years ago when I had a problem on here I asked betfair if I could change my username which contained most of my email address but they refused to allow it.
I don't think switching on 2FA stops this being a pain (I think if they try the username and wrong password without getting as far as 2FA enough times it still triggers the problem behaviour) but it's certainly peace of mind if you know your account is being actively targeted.
I don't think switching on 2FA stops this being a pain (I think if they try the username and wrong password without getting as far as 2FA enough times it still triggers the problem behaviour) but it's certainly peace of mind if you know your account
I wonder what error message betfair gives when a non-existent username is entered. If they say "user doesn't exist" or the like, rather than "wrong user or password" when either a the pass or user is wrong, a bad actor could simply enter millions of random usernames until they got a "password wrong" message and then they'd know they had a valid username.
I wonder what error message betfair gives when a non-existent username is entered. If they say "user doesn't exist" or the like, rather than "wrong user or password" when either a the pass or user is wrong, a bad actor could simply enter millions of
Have been asked at least a dozen times over last month or three , but you dont need to change it , just follow links and reinput same old password , no probs . Must be a generated request based on user times or some such arbitary feature , has ntg to do with yur inputting wrong password .
Have been asked at least a dozen times over last month or three , but you dont need to change it , just follow links and reinput same old password , no probs . Must be a generated request based on user times or some such arbitary feature , has ntg to
@dave1357 - that ought to be trivial to test, and indeed telling user "no account exists for that username" or the like is known bad practice and has been for a long while (not going to test right now as I don't want to trash my session just before the first race of the Festival)
@paulo47 - are you saying you have checked in the Security section for failed logins from unknown IP addresses and there are none?
@dave1357 - that ought to be trivial to test, and indeed telling user "no account exists for that username" or the like is known bad practice and has been for a long while (not going to test right now as I don't want to trash my session just before t
i did test it on another browser and it gives the same error page for pass wrong and user wrong. So that still leaves the question about how usernames are being discovered.
i did test it on another browser and it gives the same error page for pass wrong and user wrong. So that still leaves the question about how usernames are being discovered.
dave1357, I would think rather than usernames being discovered, they are just guessed, along with the password, just chancers. I have a quite basic username and had a couple of hack attempts over past two years, but have 2fa so not too worried. Would be nice to change to a more complicated username but don't know if BF allow it.
dave1357, I would think rather than usernames being discovered, they are just guessed, along with the password, just chancers.I have a quite basic username and had a couple of hack attempts over past two years, but have 2fa so not too worried.Would b
what message do those with the problem get when you log on? Is it something that says "account locked" or similar? If that is the case, then that could be a way that account names are id'd. ie rando user name/rando password: keeps getting "wrong user/pass" message, they know user is a dud, gets an account locked message, they know the username is valid.
what message do those with the problem get when you log on? Is it something that says "account locked" or similar? If that is the case, then that could be a way that account names are id'd. ie rando user name/rando password: keeps getting "wrong user