Keep your account safe

Hey guys,

As you may be aware, the Nintendo network has fallen victim to hacking, and some Nintendo accounts have been compromised.

We would advise any clients with a Nintendo account to change their password for their Trading 212 account & just in case to enable the Passcode lock (account Settings tab) as an extra layer of precaution. :lock:

3 Likes

Don’t have a Nintendo console anymore. Don’t know if my Nintendo account still exists. Activated Touch ID on iPhone. Thanks!

1 Like

I believe it would be helpful to try searching your own email address in Google - sometimes the results might be fascinating. :man_shrugging: Better safe than sorry. :v:

Did the same, activated fingerprint access straight away xD it is really nice that such kind of info comes from team side, thanks

2 Likes

I started using 1Password some years ago. Migrated to iCloud passwords recently. Only using generated passwords since 1Password. I have some older accounts with not so safe passwords. Most of those accounts aren’t used anymore. I tried to search a database with data from hacks and noticed some really old accounts associated with my mail address for which the password was already changed or the company was already shut down :slight_smile:

On the other hand I have no idea how I could’ve missed the option for fingerprint authorisation :sweat_smile: since when is it available?

By the way, you can check here for example: https://haveibeenpwned.com

remember that generated passwords are not necessarily safer than ones you come up with yourself.

the most secure password is an unrecorded one that is using the maximum characters allowed and this can rather be thought of as a “passphrase” rather than a word.

a whole sentence made up by you that is not a quote, has no spaces, perhaps occasionally has a number thrown in somewhere and cannot be guessed even by those who know you, that is say 32 characters long is practically impossible for a machine or person to gain access to. the only risks then are if the company itself gives up your password such as in this case where a site got hacked and a database exposed.

passwords/passphrases ultimately need to be easily remembered by you, which is why it is no good having something computer generated that you need to save in a password manager on your device. to a brute force machine hack, both your phrase and the generated password are equally as time expensive to hack which is why length is the only viable counter.

Depends on the generated requirements. A password with uppercase, lowercase, numbers and characters and 15 characters long is safe.

in a brute force attack there is no difference between a user defined password that is 15 characters and contains each of the types, avoiding poor choices and obvious associations, and a generated password of 15 characters with all the same types. AI will spend roughly the same amount of time to crack both given nothing to prevent it retrying infinitely.

if the autogenerated password is 15 characters and yours is 16, both using all of the types, yours is safer because it is longer thus requiring far longer for the AI to calculate through the encryption.

the person who originally coined the “use these different types of characters to make a safer password” is on the record a while back apologising for getting it wrong. He gave the advice in a time where the only threat to your account was another person, and usually someone who knew you. nowadays hacks without social-phishing are AI driven and the AI won’t distinguish between whether or not you used all the special types. it will iterate according to its programming through all the types the password field accepts, starting from the simplest and easiest to more complex patterns.

my point is simple, do not record your password anywhere because it is easier to steal passwords recorded in a place than to crack the password directly where it needs to be used and always use the maximum characters allotted to you. Update frequently so that any attempts are time wasted and a hack must start from the beginning, monthly at the latest is often recommended.

people need to be able to remember their passwords, generated passwords miss this factor entirely. you don’t need a perfectly unique password for every place and service you visit, because after you make enough you fall into a predictable pattern that can be used against you to figure out your password habits across accounts. you just need to determine a few “levels” of security for where each account belongs and use a secure memorable password for those in the same level, frequently changing it so it’s always secure. Your main email where everything is backed up to must be unique and the most secure, changed the most frequently. your games and hobby accounts that have no impact on your life if hacked can be less secure and share a password without issue, but never use a game/hobby password shared with your social/financial accounts etc.

I have had countless accounts needing passwords and it’s not feasible to rely on a generated password for every single one or making custom unique passwords and remembering them. you end up relying on a service that stores them for you (effectively giving that service access to your accounts) and once that service gets hacked, so have all of your accounts, which you will find impossible to then go through every last one and change to new passwords without relying on yet another service to hold them for you.

I have no more than 10 unique passwords at any one time, with 3 of them being unique to a particular service. these are not recorded and so can’t be stolen unless the site my account is on gets compromised, then I just change all the accounts in that password group to a new password. groups like my old gaming accounts had more than 1 group and the games in each group occasionally rotated based on which I used most or least. I also used multiple email addresses keeping my most important account free from less important stuff.

1 Like

2-factor auth would have been a nice feature in this situation… :wink:

1 Like

in 1 way or another it’s becoming the standard for all types of accounts. the issue is that 2 factor can also compromise your security since the human element gets emphasised. a person needs only steal your phone to get easier access to your accounts as that is typically where the 2nd factor is sent.

always make sure to keep an eye on things and if you are worried something may be compromised, make changes straight away, don’t sleep on it as you may then be too late.

I’m all for features that will help. though I dread the day accessing my bank account will need me to lick a stick, scan my eyes and fingerprints while rehearsing the national anthem backwards in baritone xD at the same time!! :exploding_head: :crazy_face:

@tiberiu89 2FA is useful (and in our ToDo list, as you know already), yet using our Passcode lock + Face ID/Fingerprint will be even safer, I believe.

Breaches, like the one mentioned above, are on email level and unrelated to us. So having an extra layer of protection on Trading 212 account level will keep you away from the risks.

By the way, remember the posts about the limitation of available options upon withdrawal? Well, precisely those strict AML precautions and internal procedures will get you out of trouble should someone gain access to your account.

Long story short: we got your back. :v:

2 Likes

Only if you are using an original Nokia 3310.
I can give you my iPhone (locked) for a whole week, if you manage to access any of my accounts, I give you 50k €, otherwise you have to give me 10k €.
Do we have a deal? :wink:

nah. I’m not hurting for money and I work with phones so it’s an unfair challenge slightly to my advantage :wink: being safety aware is all about making sure people don’t overlook something because they assume just having a password is enough. :thinking:

it’s not surprising these days how many people don’t even lock their phones, and when they do, passwords can be figured out in less than 5 attempts about 80% of the time. :zipper_mouth_face:

1 Like

Indeed.
was a kind of joke… but I agree on your points on being more secure and more cautious :wink:

I totally agree we all need to be OCD with online security. Another extra measure you can take is using an alias email address for anything you need to sign up for using an email address. Outlook is the one I use. Every little helps :wink:

Hi guys, when is 2FA coming? It’s a pretty basic and crucial security feature and was promised in May… I’m just getting increasingly worried about the funds sitting in my account protected by a password which could be nabbed through an email or malware hack…

@Cartoonheart, I think the security lies in the way that funds can be retrieved.
I think that the only way to retrieve your funds in T212 is to send them back the way you put them in.
For example, if you funded your account using a bank transfer from your account XYZ with Deutsche Bank (example bank), the only way to get the funds back is sending the money to that same account.

Therefore, the only thing that hackers can do is to send the money back to your account with your bank (Deutsche Bank in this case) in which case it will still be protected by your bank.

@Tony.V can you confirm if this is how the additional protection works?

2 Likes