There is no two-factor authentication on FunPay ("login using SMS authentication"). In fact, it has been replaced by a system we developed. It may ask you to answer several security questions in case of suspicious account activity (for example, access from a new city).
We use that system primarily because we do not have incidents of unauthorized access to our users' accounts; in addition, mandatory two-factor authentication leads to conversion loss. We plan to add two-factor authentication later as an option for those who want to use it.
Nevertheless, I prepared some tips for keeping your FunPay account secure and basic Internet safety tips. I hope they can help you.
1. The most important thing: Never use the same password at multiple websites.
And especially on FunPay. The fact is that when you enter your password on any website, firstly, you inform the website owner (as for FunPay, we only store hashes, but other websites may store passwords). Secondly, you have to be sure the website is secure, because in case of website hack, scammers may find out your password. Hacker forums sell huge databases containing login credentials from hacked Internet resources. Scammers buy it and use it to enter various sites (including ours). Of course, this is an automatic process. At the moment, leaked databases remain the most popular and large-scale way to "hack" accounts. I hope you will install a password manager right now or at least write down all your passwords on paper. Any solution is better than reusing the same password everywhere.
2. Never download and install software unless you are certain it is from a trusted source.
You can install software if it is produced by a large international software company and has a digital signature. Having a valid digital signature ensures the authenticity and integrity of software. If you don’t know who developed the software (for example, if you play on a cracked/private server of your favorite game), the software is likely not reliable. Our tech team investigated several cases, when Lineage 2 cracked/private server administrators tacitly added some functions to their launchers, including taking screenshots on users' computers. They used it to identify various violations of their rules, which included trading on FunPay. Remember that usually the owners of cracked/private servers hide their identities and do not comply with the law. A user must decide whether to install or run an application, based on his knowledge of the software publisher. Using pirated software (including "cracks") is potentially dangerous.
3. Never install unknown browser extensions.
Likewise with unreliable software, installing unknown browser extensions is potentially dangerous.
4. Always check the website name (domain name) before entering your username and password.
Get into the habit of checking the website name (domain name) in the browser address bar every time you enter your password or other sensitive information. Make sure that you landed on a real website, not a fraudulent copy, which uses a domain name that references official website.
5. Set up two-factor authentication on your social media accounts and email.
Most social media platforms and email services provide two-factor authentication, and you should definitely use it. For example, to turn on or manage two-factor authentication on Facebook, go to your security and login settings, scroll down to “Use two-factor authentication” and click “Edit”.
6. Do not store large amounts of money in the FunPay account balance.
FunPay is a high-quality website without security issues; however, FunPay is not a bank and is not intended to save money. Keep your money in a bank.