Have a question about two-factor authentication (2FA)?

Two-factor authentication (sometimes called 2FA) is an added layer of security that we’re introducing to some areas of Rightmove Plus that contain personal data. We’re introducing an SMS based type of two-factor authentication.

SMS two-factor authentication means that to gain access to Rightmove Plus you need both:

1. something you know – your password
2. something you have – your mobile phone

You’ve probably used a form of two-factor authentication before – to log in to your online bank accounts for example.

How it will work when you access areas of Rightmove Plus that contain personal data:
You: Enter your login details and password as usual and access one of:

• Lead Reports
• Opportunity Manager
• Viewings Manager
• User Management
• Add & Edit Properties

All other areas of Rightmove Plus will not require 2FA.
We: Send you a one-time passcode via text message to your mobile phone. The one-time passcode will be valid for 20 minutes.
You: Type in the one-time passcode and proceed as usual.
 

Areas of Rigthmove Plus that contain personal information or where a fraudster may try to upload listings to try to harvest details from applicants are going to be protected by 2FA including:

• Lead Reports
• Opportunity Manager
• Viewings Manager (including Tenant Referencing)
• User Management
• Add & Edit Properties

Your branch might not have access to all of these reports or you might not have permission to see all of them.

Lead Reports and Add & Edit properties is currently restricted outside the normal working hours of an estate agent

Currently we restrict access to Lead Reports (available weekdays only) and Add & Edit property (available 7 days a week, but not overnight). Once the rollout of 2FA is complete we won’t have to limit access in Rightmove Plus. That way we’ll keep the fraudsters out of your account and give you access to all the information you need, when you need it.”

 

• Best Price Guide
• Market Share Reports
• Property Performance Reports
• Marketing Reports

You should add and edit your properties as usual, through your agency software.

We do recommend that you speak to your agency software supplier about security options. If they have two-factor authentication available, we recommend that you enable it. We’ve spoken to agents who have experienced a fraudster accessing their agency software/CRM to upload fake properties and access their customer information. We also recommend you follow the same best practice that we recommend for Rightmove Plus with your agency software/CRM – for example, making sure your password is unique and not sharing logins with anyone else.

You will still need to verify your identity using 2FA in Rightmove Plus if you access any of the other reports that contain personal data in Rightmove Plus.

We’ll ask you for a 2FA passcode periodically or when something on your account looks unusual. That keeps the fraudsters out and makes sure you have access to all the information you need. If you access areas of Rightmove Plus that don’t contain personal data, you won’t have to verify your identity with 2FA.

• You’re using a browser (such as Chrome or Internet Explorer) or a device (such as a tablet, new PC or mobile) that you’ve not logged in with before.

OR

• Your internet cookies have been deleted. We remember that you’ve logged on and verified using 2FA before by using “cookies” (small files saved on your browser). It may be that your computer is set to regularly clear cookies which will mean that you will have to go through this process again, each time the cookies are cleared.

If your IT policy is set to clear cookies you may have to verify your identity more often. Ask your IT provider to help you change your settings if you don’t want to have to verify using 2FA each time or email us at 2FAHelp@rightmove.co.uk for help.

Let us know immediately if you receive an email asking to you set up 2FA when you weren’t trying to login to Rightmove Plus or set up 2FA. Email us at 2FAHelp@rightmove.co.uk or phone us at 01908 712357.

When you click the button to confirm your email address, it will open Rightmove Plus in your default web browser (such as Microsoft Edge or Chrome). That means that you won’t be logged in to Rightmove Plus in that browser and you’ll have started the 2FA set up in another browser. To complete setting up 2FA and use your preferred browser you’ll need to reset your default browser.
Follow these steps to reset your default browser on a Windows machine:

1. On your computer, click the Start menu.
2. Click Settings (look for a cog symbol).
3. Open “Apps” and go to “Default Apps”.
4. At the bottom, under “Web Browser,” click your current browser.
5. In the “Choose an app” window, click your preferred browser.

After resetting your default browser, you need to go back to the 2FA set up email and click the button again. This should take you through the 2FA set up process using your preferred browser.

Resend your passcode from the screen in Rightmove Plus. If you find that your passcode is still not arriving, please let us know by emailing us at 2FAHelp@rightmove.co.uk or call our dedicated team on 01908 712357 so that we can investigate the issue.

Let us know as soon as possible, in writing, by sending an email request to 2FAHelp@rightmove.co.uk. Please write the email from the inbox that your Rightmove Plus is associated with. We will carry out security checks to verify your identity.

No. Receiving a text doesn’t cost money and it doesn’t use data allowance.

No. SMS does not require an internet connection. You do need to have mobile network connection to receive your one-time passcode.

If you have a personal mobile phone and your own Rightmove Plus account, you can use your own phone to receive your one-time passcodes. It doesn’t cost you anything and your phone number is not used for anything other than receiving your one-time passcodes for Rightmove Plus.

[expandsub1 title=”I don’t want to use my mobile – how do I use Rightmove Plus?” rel=”submenu3-highlander” tag=”h6″]If you don’t have a mobile phone you can still use Rightmove Plus, but you will be limited to using the parts of Rightmove Plus that don’t contain personal data such as the Best Price Guide.

If you need to access to areas of Rightmove Plus that contain personal data or might be used to upload fake listings and are unable to use a mobile phone to receive your SMS passcode, please let us know.

We can help if you have technical or practical challenges around you and your team adopting 2FA. We want to help you to take every step to reduce the very real threat to your business from fraudsters getting into your account. We’ve created a specialist team to help you 2FAHelp@rightmove.co.uk or phone us at 01908 712357.

In November 2020, we surveyed agents who use Rightmove Plus to find out which method of two-factor authentication they would prefer. Options included SMS based 2FA or an authenticator app. 2/3 of the agents who responded said they preferred that we use SMS to send a passcode to their mobile phone. We’ve listened to that feedback and developed two-factor authentication using the method that the majority of agents told us was their preference.

If your staff log into your Rightmove Plus account using a Gmail/Hotmail/Yahoo account or you share one login across your entire team, imagine what would happen if they were to leave your estate agency for a competitor? Unless you contact us and ask for the email address to be removed or update the password for everyone who is sharing the account, they will still be able to access your properties and see new listings making it easier for them to target your new instructions. What’s more they can see potential leads (which contain applicants’ personal data) and your confidential market share reports. Keep your accounts secure by having individual email addresses under your own domain.

Not only that, but shared logins will make two-factor authentication tougher. Many people may use quite simple passwords when they share logins, so that makes your account that much easier for a fraudster to compromise.

Benefits of having your own domain email address

• Keep your data secure and away from competitors when branch staff leave
• If a data breach were to occur, as a joint data controller, you are responsible for the security and protection of personal data and you may be required to provide the ICO with evidence of: an audit trail of exactly who in your branch accessed your Rightmove Plus account and when, confirm what security steps you had in place to prevent the sharing of logins and passwords and provide evidence of accountability and responsibility for each of your branch staff
• Provides greater protection to avoid unauthorised accessed to your Rightmove Plus account
• Instils trust and reassurance with vendors, landlords, buyers and tenants
• Makes two-factor authentication easier

Step 1 – Check that you have a domain name

If you have already have a website, then you already have a domain name.

If you do not have a website, then we would strongly recommend you set one up as many vendors and landlords will check out the agent’s own websites when selecting an agent to instruct.

Although we are unable to recommend a website designer or IT firm, a Google Search should give you a few options. We suggest you look at reviews of potential suppliers and check out their work on other companies’ websites.

Step 2 – Contact your domain provider

Speak to your website hosting provider, they will be able to set you up with a domain email address. Many offer this free as part of their website package, however some may charge a small fee. You can often log into your own account and it will give you an option to add an email address.