Keeping your money safe matters.
It matters to you and it matters to us.
Cyber criminals are becoming more active across the financial services industry, which is why we are strengthening account security across Stockspot.
What’s changing
We are introducing mandatory two factor authentication for all logins to the Stockspot dashboard and app.
If you already use an authenticator app for login, nothing will change.
If you haven’t set this up yet, you will receive a one time verification code by email when you log in. This sits on top of your password and adds an extra layer of protection.
You can also choose to save to your device as a trusted device for 30 days. This means you will not need to enter a code every time you log in from the same device.
Two factor authentication is already required for all withdrawals. This change extends that same level of protection to logins.
Why two factor authentication helps
Passwords alone are no longer enough.
Many data breaches happen outside the financial services industry. When passwords are reused across multiple sites, criminals can test those details on investment and banking platforms.
Two factor authentication stops this. Even if someone knows your password, they still cannot access your account without the verification code.
Strong passwords still matter
A strong and unique password is your first line of defence.
We now require passwords to be at least 12 characters long. The jump from 8 characters to 12 is much bigger than most people realise.
An 8 character password could be cracked in days using modern hardware. However a strong 12 character password would take around 150,000 years.
Choose a password you have never used anywhere else.
If you want to check whether an old password has appeared in a known data breach, you can use the trusted tool at haveibeenpwned.com.
What about convenience?
We know security needs to also be practical.
That is why you can save a trusted device for 30 days. During that time you won’t be asked for a verification code again unless something changes, such as a new device or location.
On the mobile app, the verification code is only required the first time you log in or if you reinstall the app. After that you can continue using your PIN or biometric login.
For most clients, day to day access will feel the same.
What you can do now
Log in and update your password to something strong and unique.
Set up two factor authentication using an authenticator app if you haven’t already. This is the most secure option and can be enabled in the Your Profile section of the dashboard.
Check that your contact details are up to date so you receive important security messages.
Keep your phone and computer software updated.
If anything looks wrong, contact us straight away at enquiries@stockspot.com.au. Clients who email us will receive a priority callback if needed.
These changes are about protecting your money and your personal information.
Thanks for helping us keep your Stockspot account secure.
You can also find clear guidance on staying safe online at cyber.gov.au.
FAQs
Where do I enter the one time verification code?
On the dashboard, you will be prompted to enter the code after logging in on the website. You can choose to save the device for 30 days.
On the mobile app, the code is required for the first login only or after reinstalling the app. After that you can use your normal PIN or biometric login.
I’m not receiving the verification email
Sometimes the message can get stuck in spam. Check that enquiries@stockspot.com.au is marked as safe or saved as a contact with your email provider, then request another code and check your inbox.
If you still don’t receive an email, contact our Client Care and Advice team via phone or email.
I requested a code several times and now I am locked out
Please contact our Client Care and Advice team for assistance.
Is two factor authentication mandatory?
Yes. Multifactor authentication is now required to keep your account secure.
If you prefer not to receive emails, you can set up two factor authentication using an authenticator app instead. This is the most secure option and can be enabled in the Your Profile section of the dashboard.
Why am I being asked to reset my password?
We have asked all clients to strengthen their passwords as part of these security improvements. Once your password is updated, you will be able to log in using either the authenticator app or the email verification code.
I keep being asked to reset my password even though I already have
This usually means the email address or password entered is incorrect or your device is using an old saved password.
Try typing your new password carefully rather than relying on autofill. If the issue continues, reset your password again and enter it manually when logging in.
