Security Best Practices
Beyond the layers of protection we apply to every Robinhood account, here are some additional steps we recommend you can take to help protect your account:
We strongly encourage turning on Two-Factor Authentication (2FA) to add an additional layer of security to your account.
2FA is more secure because it requires two sources of verification: something you know (your password) and something you have (the code that you generate or receive on your device). It’s much harder for attackers to gain access to both of these, and it can help protect you in case an attacker learns your password.
You can set up 2FA either with an authentication app or with text messages (SMS). Between these two options, we recommend using an authentication app because they are better at helping protect you against certain types of attacks.
We encourage you to set up 2FA for all your online accounts—especially for the email associated with your Robinhood account and your phone provider.
One of the most important things you can do is use a strong password for your Robinhood account. A strong password:
A great way to make a strong password is to use a passphrase that’s easy for you to remember, but difficult for others to guess. You can also consider using a password manager to create and store strong passwords as well.
Never share your password. If you’ve shared your Robinhood credentials with anyone else or if you use the same password for a different online account, please change your password immediately and enable 2FA for your Robinhood account.
Device Monitoring allows you to view and manage every device that has been used to log in to your Robinhood account.
To view your devices in the app: 1. Tap the Account (person) icon in the bottom right corner 2. Tap the three bars in the top right corner 3. Tap Settings 4. Tap Your Devices to view them
It’s important to remain vigilant and keep an eye on your activity. We recommend regularly reviewing the listed devices and removing any you don’t recognize or no longer use.
If you see activity that you don’t recognize or didn’t authorize on your account—or have any other reason to believe it has been compromised—contact Robinhood Support immediately by emailing firstname.lastname@example.org.
You can also choose to secure your account, which logs you out of your account on all of your devices and requires you to reset your password. Note that it will also restrict your ability to withdraw funds from your account until you verify your identity, which you’ll do by re-uploading a photo of your ID.
Scammers can target any account, and learning how to identify scams can help you safeguard your information.
Phishing is a common way scammers try to target you in order to obtain sensitive information, such as your username and password, account information, or Social Security number. A scammer may call, email, or text you, pretending to be someone from Robinhood or another company or authority you know or trust. Remember that phishing websites and links may look similar to real websites.
Robinhood Support will never do the following: