Protect your Holded account (2FA)

Tips to protect your Holded account

Héctor Emperador avatar
Written by Héctor Emperador
Updated over a week ago

Your credentials are your main ticket into your Holded account. Creating strong and unique passwords is the best option when it comes to protecting your data.

You probably have many accounts and the idea of ​​reusing passwords has crossed your mind. However, keep in mind that if your password is compromised, other accounts could also be compromised.

For this same reason, consider introducing the following practices into your daily life to protect your account.


Avoid common passwords

Don't use obvious or easy-to-guess passwords, such as "123456" or "password." Opt for a unique and complex combination of more than 8 letters, with some capital letters, numbers, and symbols or special characters, if possible.

Likewise, avoid using old or duplicate passwords, and be sure to update your password from time to time.


Use a password manager

Password managers allow you to generate strong and complex passwords. In addition, they store your login information for all the websites you use and help you enter them automatically. These tools are definitely very useful as they encrypt your password database with a master password, which is the only one you need to remember.

Not sure where to start? You can take a look at the password management options offered by Chrome or Safari.


Two-step verification (2FA)

In addition to your password, two-step verification (commonly abbreviated as 2FA) adds an extra layer of security to your Holded user login to ensure your account is protected. This type of SMS verification ensures that you are the only person who can access your account, even if someone knows your password.

Why is it convenient?

Passwords can become vulnerable for reasons such as reuse or poor encryption, among others. Two-step verification ensures your user account is protected, even if your password is compromised. Therefore, this method improves the security of your Holded account and all the information stored in it.

How does 2FA work?

When you want to access your Holded account, you will have to provide two pieces of information: your password and the six-digit verification code that is automatically sent to your phone number or email. By entering the code, you are verifying that you trust the device from which you are accessing your Holded account.

After logging in, and as long as you use the same device (without browsing incognito or clearing cookies), you will not need to enter the code again for 30 days.

🚨 If you lose access to your email or phone number, please contact our team as soon as possible at [email protected], via the app, or the Holded website, so we can help you solve any security issues.

Activate two-step verification (2FA) by email (default)


This process will activate the default two-step verification, that is, via email.

☝🏼 You will be able to activate the two-step verification as long as your plan is not a paid one. Otherwise, it will be activated automatically, with email as the default method.

  1. Go to Menu > Edit Profile.

  2. Under "Two-Step Verification," click "Activate."

  3. Enter your Holded password and click "Continue."

  4. Next, enter the 6-digit code that you will receive to the email with which you created your Holded account.​

  5. Once this is done, email verification will be activated correctly. Click "Finish."

Activate two-step verification (2FA) via SMS (optional)

Although the default channel to receive the verification code is email, if you have a paid plan, you can additionally configure your profile to receive it by SMS text message.

Even if you enable SMS reception, it will not be necessary to enter both codes each time you log in. You will continue to use only one, and you will also have an additional method of access, as a kind of security backup in case you do not receive the email for any reason.

To activate SMS verification, once email verification is activated, follow these steps to activate it by SMS:

  1. Go to Menu > Edit Profile.

  2. Under "Two-Step Verification," locate "SMS Verification" and click "Activate."​

  3. Enter your Holded password and click "Continue."

  4. Next, enter the phone number where you want to receive the verification code.

  5. Next, enter the 6-digit code that you will receive to the phone number entered.

  6. Once this is done, SMS verification will be activated correctly. Click "Finish."

Disable two-step verification (2FA) via SMS

To protect your data and secure your account, we are making two-step email verification mandatory. For this reason, once activated, it will not be possible to deactivate it.

This measure will strengthen security by preventing unauthorized access. Keeping it activated is essential to guarantee the integrity of your data.

You can, however, eliminate SMS verification, leaving only the email option active. Follow these steps to do it:​

  1. Go to Menu > Edit Profile.

  2. Under "Two-Step Verification," locate "SMS Verification" and click "Delete."

  3. Enter your Holded password and click "Continue".

Once this is done, SMS verification will be deactivated, leaving only email verification active (mandatory).

Change the phone number associated with two-step verification (2FA)

In case you need to change the phone number associated with 2FA in your Holded account, you must deactivate 2FA by SMS, and activate it again, using the new number. If you cannot deactivate it, contact our support department.

🚨 In case you lose access to your original phone number or device, or for any reason are unable to disable and re-enable SMS verification, please contact our customer support team via the app or our website.


Sign in with your Google or Apple account

If you don't want to use a password manager, there are other options available, such as logging in using your Google, Apple, or Facebook accounts, which are always better options than reusing passwords. Learn how to use them here.


Keep your trusted phone numbers up to date

Always update the phone number associated with your Holded account. The phone number must be correct in order to receive your account access verification code if 2FA for your Holded user login is enabled.

Learn how to change your phone number here.


Protect your devices

Your phone number is tied to a physical device. We also recommend that you establish passwords or locking systems on your mobile devices and computers to prevent unauthorized access.

In the event of theft or loss, we advise you to take the necessary measures to prevent any malicious use from the lost mobile device.


Good security practices

When it comes to the security of your data, all caution is unnecessary. Here are some other safety tips for you to put into practice:

  1. Don't share your credentials: make sure each user has their own, individual, non-transferable access credentials.

  2. Keep your software up to date: Make sure your operating system and applications are always up to date with the latest versions and security patches.

  3. Beware of phishing: Use caution when clicking on links or providing personal information via email. Check the authenticity of emails and websites before providing your details.

  4. Sign out: Always sign out of your account after using it, especially on shared devices.

  5. Secure Wi-Fi networks: Avoid accessing your account from unsecured public Wi-Fi networks. Use virtual private networks (VPN) if necessary.

  6. Restrict app permissions: Review and limit permissions for apps that access your account, and revoke permissions for apps you no longer use.

  7. Unusual activity alerts: Turn on email notifications or alerts to receive information about unusual activity on your account.

Did this answer your question?