Securing your account

Securing your account on our platform is vital to protect yourself and your guests from malicious or fraudulent activity. In this article, you’ll find a few best practices to keep your account safe and what to do if you experience an account breach.

In this article:

Setting up two-factor authentication

During the registration process on our platform, you must set up two-factor authentication (2FA) to give your account an extra layer of protection. With 2FA activated, you'll log in with your username and password. In addition, we'll send a PIN to your authorized device. 

You’ll be asked to perform 2FA when you log in to ensure your device is trusted and up to date. For further protection from malicious or fraudulent activity, you may be prompted to repeat 2FA multiple times within 24 hours.

When signing in to your account for the first time, follow these steps to set up 2FA:

1. Log in to the Extranet 
2. If directed to a verification page, verify your sign-in information
3. On the Verification method page, select a working phone number or a Pulse verification code
4. Under Two Factor Authentication, enter the one-time verification code you received
5. Click Verify now

The phone number you select must be able to connect directly to you or someone in your team. If there's a phone tree or robotic answering system, it won't work. 

Securing your Pulse account

Follow these steps to set up one or more security methods for the Pulse app:

1. Log in to the Pulse app on your iPhone or iPad
2. Tap More
3. Tap Settings
4. Tap Face ID & passcode
5. Tap Enable passcode, Enable Touch ID, or Enable Face ID to set up your preferred security method
6. Follow the steps to finalize

Follow these steps to change your Pulse app passcode on iOS devices:

1. Log in to the Pulse app on your iPhone or iPad
2. Tap More, then Settings
3. Tap Face ID & passcode
4. Tap Change passcode
5. Follow the steps to finalize

Note: It’s currently not possible to change your Pulse passcode on an Android device. 

Maliciously accessed or breached account

We'll never ask you to give us any log-in info. Contact us within 24 hours if any of the following happens:

• You gave your sign-in details and 2FA PIN to an unauthorized user
• Someone you think is pretending to be a Booking.com employee asked for your log-in details
• You received messages or calls to make changes to your account

Follow these steps if you believe someone already accessed your account maliciously:

• Reset your Booking.com password by going to the Extranet and clicking Forgot your password?
• Check if any of your info on the Extranet has changed
• Report a security issue within 24 hours