Securing your account
Securing your account on our platform is vital to protect yourself and your guests from malicious or fraudulent activity. In this article, you’ll find a few best practices to keep your account safe and what to do if you experience an account breach.
In this article:
Setting up two-factor authentication
During the registration process on our platform, you must set up two-factor authentication (2FA) to give your account an extra layer of protection. With 2FA activated, you'll log in with your username and password. In addition, we'll send a PIN to your authorized device.
You’ll be asked to perform 2FA when you log in to ensure your device is trusted and up to date. For further protection from malicious or fraudulent activity, you may be prompted to repeat 2FA multiple times within 24 hours.
When signing in to your account for the first time, follow these steps to set up 2FA:
- Log in to the Extranet
- If directed to a verification page, verify your sign-in information
- On the Verification method page, select a working phone number or a Pulse verification code
- Under Two Factor Authentication, enter the one-time verification code you received
- Click Verify now
The phone number you select must be able to connect directly to you or someone in your team. If there's a phone tree or robotic answering system, it won't work.
Securing your Pulse account
Follow these steps to set up one or more security methods for the Pulse app:
- Log in to the Pulse app on your iPhone or iPad
- Tap More
- Tap Settings
- Tap Face ID & passcode
- Tap Enable passcode, Enable Touch ID, or Enable Face ID to set up your preferred security method
- Follow the steps to finalize
Follow these steps to change your Pulse app passcode on iOS devices:
- Log in to the Pulse app on your iPhone or iPad
- Tap More, then Settings
- Tap Face ID & passcode
- Tap Change passcode
- Follow the steps to finalize
Note: It’s currently not possible to change your Pulse passcode on an Android device.
Maliciously accessed or breached account
We'll never ask you to give us any log-in info. Contact us within 24 hours if any of the following happens:
- You gave your sign-in details and 2FA PIN to an unauthorized user
- Someone you think is pretending to be a Booking.com employee asked for your log-in details
- You received messages or calls to make changes to your account
Follow these steps if you believe someone already accessed your account maliciously:
- Reset your Booking.com password by going to the Extranet and clicking Forgot your password?
- Check if any of your info on the Extranet has changed
- Report a security issue within 24 hours
-
Legal & Security
-
- Online security awareness: social engineering
- Online security awareness: Phishing and email spoofing
- Preventing unauthorized use of your account
- Securing your account
- Requirements and regulations for surveillance devices
- Digital event security standards
- Guidelines for room key access
- Keeping your property clean and sanitary
- Equipping your home property with safety devices, safety kits, and emergency plans
- Protecting your home property with security devices
- Partner Liability Insurance
- Identifying and acting on potential human trafficking of refugees from Ukraine
- Report a security issue
- Online security awareness: Malware
- All about our messaging security settings
-
- Why you need to complete the Know Your Partner (KYP) form
- How can I remove a property or end my partnership with Booking.com?
- My property is under new ownership. What should I do?
- Our animal welfare standards
- Where can I find my General Delivery Terms (GDT)?
- Complying with European Union consumer law
- Mandatory host type (professional/private) assessment
- How does parity work?
- Offer transparency and clarity through simpler policies
- Our Supplier Code of Conduct
- Understanding Force Majeure
- Handling emergency closures
- VAT and tax withholding legislation in Mexico
- Understanding short-term rentals
- Short-term rentals: FAQs
- DAC7: FAQs
- Everything you need to know about DAC7
- Non-discrimination guidelines when accepting or declining a booking request
- Laws and regulations for short-term rentals in Asia-Pacific
- Laws and regulations for short-term rentals in North America
- Short-term rental license requirements in New York City
- Everything you need to know about Sharing Economy Reporting Regime (SERR)
- Everything you need to know about the Digital Services Act (DSA)
- Accommodation Agreement and General Delivery Terms
- Everything you need to know about the compliance center
- When the contracting name on your accommodation agreement is wrong
- When involved parties contact us