Skrill offers 2 factor authentication, urges password reset

Noted online payment processing and e-wallet vendor Skrill yesterday announced that it now offers customers the option of enabling free two factor authentication via Google Authenticator on their e-wallet and merchant accounts.

In an email sent to merchant account holders, Skrill urged account holders to enable the new two factor authentication method, which is free to all account holders. Skrill has previously offered similar security via a hardware security token that merchants were required to pay for. This new method is free. We have checked our personal Skrill accounts and can confirm that this security measure is available to personal customers too, and it is a facility that we advise you activate on your account.

The more interesting part of the email is the strong recommendation that users change their password within the next 24 hours.

Dear Merchant,
At Skrill we constantly aim to improve the online security of our merchant accounts.

To help with this, we are introducing two-factor authentication on all our merchant accounts. We STRONGLY recommend that you activate and use two-factor authentication and that you change your user account password within the next 24 hours.

For detailed instructions on how to activate and use two-factor authentication, please click here

Best Regards,

The Skrill Team

Skrill followed this email up with another shortly after that urges merchants to activate IP address restrictions on their accounts. If they don't, Skrill is adopting a legally questionable tactic of demanding merchants sign an indemnity form that absolves Skrill of all responsibility for any fraudulent account transactions, even if the two factor authentication is used.

While we are always welcoming of better security practices and commend Skrill on rolling out free two factor authentication to all account holders, we have to question the motivation behind this decision and perhaps whether there is not more to this story. With account holders regularly complaining of compromised accounts, and personal accounts being locked and password resets forced, it smells a lot to us like there has been a security breach at Skrill and they are scrambling to shut the gates well after the horse has bolted.

About the author

1 reply • Last post


Forum Angel
sharpe's picture
Location: Sofia, Bulgaria
Joined: 4 Nov 2014
Posts: 6301
Thanks given: 2823
Thanks received: 864
12 February 2016 - 9:50pm

Obviously there's has been some security breach at Skrill, I don't like to set two factor authentication on my accounts but since it comes free it could be recommended for the users to do that. Hopefully these security measures will prevent more future security issues and all the Skrill customers will feel secure about their money.