post title

Protecting Your Tebex Account

Your account security should be your number one priority. At Tebex we often get emails from merchants who are in a state of panic because they have seen

by Louise Posted on 27 April 2022

Your account security should be your number one priority. At Tebex we often get emails from merchants who are in a state of panic because they have seen an unusual login notification, or their password was changed and their account lost. The end result is the merchant needs to go through a stressful time recovering their account, which can be avoided if the proper measures are taken.

Two Factor Authentication

With Tebex your account is secured by TFA, which is mandatory, and as a precaution, we don't allow your account to deactivate TFA fully. We enforce this for the safety of your account and to limit the need for account recovery.

TFA can be secured via email or Google Auth with SMS as a backup. We would recommend Google Auth out of the two options, but please feel free to use the one that is best for you.

Email TFA - A passcode will be sent to the email address that owns your account. This is a standard TFA system that is widely used, but you must ensure that your email account is entirely secure and you never share access to your email.
Google Authenticator - Use the Google Auth app (download from Google Play Store on your phone), and easily add your Tebex account. When you login you will be required to input a passcode, easily found in your Google Auth app. We recommend Google Auth above the other options for TFA. 
SMS (As a backup for Google Auth) - You will be sent a text message containing your passcode. We have seen instances of merchants being unable to receive their texts due to their network therefore this may not be 100% reliable - this can be resolved by contacting support, however.

Both options are valid and can be good forms of TFA, however, each type can have a downside. If you use the email TFA, make sure your email account is fully secure, with a strong password and never share your account with anyone. If you use Google Auth with SMS as a backup and update to a brand new phone, make sure you update your TFA to your new mobile so you don't lock yourself out of your account.

Never Share Your Tebex Account Or Email

We sometimes see instances where the owner of an account contacts us because their account no longer exists and they can't login - the common cause of this is they have shared access to their account and the other person has changed the email on the Tebex profile, effectively stealing the account! Don't let this be you. Never allow anyone access to your email account, or give anyone the login to your Tebex account. You risk losing your account.

We would need to do account recovery for you in this instance, and you would need to send us information that proves you own the account - one of the things we will check is your account information. We can see a history of the changes made to an account wallet, so if you lose access to your account and the wallet info is changed, don't worry, we can still see what you had originally saved. But, did you put your genuine information?

Using Fake Information On Your Account

We often see people using silly text for their account information.

First name - Mine.
Last name - Craft.
First line of address - Skyblock Island.
City - Idk
Country - asdfasdf

Well, that may sound like a fun idea at the time, but did you know doing this could result in your failing account recovery? If you have lost access to your account, one of the things we ask you to prove is your identity - if your ID does not match the information in your account, it's highly likely we won't be able to restore access and you could lose your account permanently.  

Always use your genuine personal information to make account recovery as simple as possible. 

Don't take the risk, you've worked hard on your store and if you're lucky you have earned yourself some money - don't throw that away by using false info that doesn't prove who you are.

Letting Other People Log Into Your Wallet To Withdraw

There should be absolutely no reason for this to ever occur. If you need to pay an employee you need to withdraw to your own account and process employee wages normally - you should never attempt to use the wallet as a means to do this.

If you are not the sole owner of your organisation and you have business partners, then the solution is not to share access to your account or wallet. The solution is trust. Don't enter into a business arrangement with someone you don't trust to legally handle company/business funds, it may sound very simple, but that is because it is.

Personal wallets - Only use your own personal bank accounts/PayPal for withdrawals. 
Business wallets - You should use the company bank accounts/PayPal for your withdrawals.
Never share access to your wallet account under any circumstances.

Protect yourself and your account by always practising good security. If access to your account is gained (let's say your account is stolen) and a new withdrawal method is saved, there is a 5-day security period that cannot be bypassed before any withdrawals can be made to this newly saved method. This allows the original owner enough time to contact us and alert us of account theft, and account recovery will take place.

We hope this helps you understand why your account security is one of the most important things you should check over today. Making sure your accounts are fully secure and safe is always good practice, and is time well spent.

More from Tebex Blog