Securing your account
Securing your account on our platform is vital to protect yourself and your guests from malicious or fraudulent activity. In this article, you’ll find a few best practices to keep your account safe and what to do if you experience an account breach.
What’s in this article:
Setting up two-factor authentication
During the registration process on our platform, you must set up two-factor authentication (2FA) to give your account an extra layer of protection. With 2FA activated, you'll sign in using your username and password. In addition, we'll send a PIN code to your authenticated device.
You’ll be asked to perform 2FA when you log in to ensure your trusted device is up-to-date and correct. To further protect you and your guests from malicious or fraudulent activity you may be prompted to repeat 2FA multiple times within 24 hours.
When signing into your account for the first time, follow these steps to set up 2FA for your account:
- Log in to the extranet.
- If directed to a verification page, verify your sign-in information.
- On the Verification method page, select a working phone number or a Pulse verification code.
- Under Two Factor Authentication, enter the one-time verification code you received.
- Click on Verify now.
Please note that the phone number you select must be able to connect directly to you or someone in your team. If there's a phone tree or robotic answering system, it won't work.
Securing your Pulse account
Follow these steps to set up one or more security methods for the Pulse app:
- Log in to the Pulse app on your iPhone or iPad.
- Tap More.
- Tap on Settings.
- Tap Face ID & passcode.
- Tap Enable passcode, Enable Touch ID or Enable Face ID to set up your preferred security method.
- Follow the steps to finalise.
Follow these steps to change your Pulse app passcode on iOS devices:
- Log in to the Pulse app on your iPhone or iPad
- Tap More, then tap on Settings
- Tap Face ID & passcode
- Tap Change passcode
- Follow the steps to finalise
Please note that it’s currently not possible to change your Pulse passcode on an Android device.
Maliciously accessed or breached account
We'll never ask you to give us any sign-in information. Please contact us within 24 hours if one or more of the following happens:
- You've given your sign-in details and 2FA PIN to an unauthorised user
- Someone you believe is pretending to be a Booking.com employee asks for your sign-in details
- You receive messages or calls to make changes to your account
Do the following if you believe that someone has already maliciously accessed your account:
- Reset your Booking.com password by going to the extranet and clicking on Forgot your password?
- Check if any of your information in the extranet has changed
- Report a security issue within 24 hours
-
Legal & Security
-
- Online security awareness: social engineering
- Online security awareness: phishing and email spoofing
- Preventing unauthorised use of your account
- Securing your account
- Requirements and regulations around surveillance devices
- Digital event security standards
- Guidelines for room key access
- Keeping your property clean and sanitary
- Equipping your home property with safety devices, safety kits and emergency plans
- Protecting your home property with security devices
- Partner Liability Insurance
- Identifying and acting on potential human trafficking of refugees from Ukraine
- Report a security issue
- Online security awareness: malware
- All about our messaging security settings
-
- Why you need to complete the Know Your Partner (KYP) form
- How can I remove a property or end my partnership with Booking.com?
- My property is under new ownership. What should I do?
- Our animal welfare standards
- Where to find your General Delivery Terms (GDT)
- Complying with European Union consumer law
- Mandatory host type (professional/private) assessment
- How does parity work?
- Offer transparency and clarity through simpler policies
- Our Supplier Code of Conduct
- Meeting legal requirements for tourist accommodation in French Polynesia
- Understanding Force Majeure
- Handling emergency closures
- Supporting partners in Ukraine during the war
- VAT and tax withholding legislation in Mexico
- Energy performance certificate requirements for properties in Spain
- Understanding short-term rentals
- Short-term rentals: FAQs
- DAC7: FAQs
- Everything you need to know about DAC7
- Non-discrimination guidelines when accepting or declining a booking request
- Laws and regulations for short-term rentals in Asia-Pacific
- Laws and regulations for short-term rentals in South America
- Laws and regulations for short-term rentals in North America
- Laws and regulations for short-term rentals in Europe, the Middle East and Africa
- Israel VAT display and additional charges
- Short-term rental licence requirements in New York City, NY
- Everything you need to know about Sharing Economy Reporting Regime (SERR)
- Everything you need to know about the Digital Services Act (DSA)
- Welcoming guests with assistance animals
- Statement on Non-discrimination, Harassment and Abuse
- Accommodation Agreement and General Delivery Terms
- Everything you need to know about the compliance centre
- When the contracting name on your accommodation agreement is wrong
- When involved parties contact us