FAQs
Information and answers to Frequently Asked Questions about Security Enhancements.

Two-factor authentication
Two-factor authentication introduces the “something you have” element to your login journey along with “something you know”, such as your user ID and password.
The “something you have” at ii will be a one-time code sent to your registered mobile phone.
By adding the requirement of “something you have” to your login process, we add an extra layer of security to your accounts, making it much harder for cyber criminals to carry out fraud.
If you have a mobile phone registered with ii you will automatically be enrolled into two-factor authentication at login. It will not be possible to switch this feature off. However once two-factor authentication at login goes live, you can choose not to be prompted at each login. There will be an option to remember your browser for 30 days.
Unfortunately, our new security model isn’t currently compatible with open banking data aggregation systems. You will need to contact your provider and disconnect your ii account. We are sorry for any inconvenience this may cause you.
Please call our Customer Services team who will be happy to help you. You can reach us on 0345 607 6001 for help. We’re open from 7.45 am to 5.30 pm, Monday to Friday. They will send you a letter which you will need to complete and return to us along with your updated details.
No. You’ll be able to continue to log in to ii.co.uk and access your account. As per today, some of your account’s features will be restricted in order to continue to protect you and your account. You will not see any difference when you log in.
Having a mobile phone number allows you to take advantage of all our existing security features, so we strongly recommend adding your number to your account if you can.
It’s important that you check your details are up to date. If your mobile number is not correct please call our Customer Services team on 0345 607 6001 for help. We’re open from 7.45 am to 5.30 pm, Monday to Friday. If you need to update your number, they will send you a letter which you will need to complete and return to us along with your updated details.
If you experience issues in receiving your message, please call our Customer Services team on 0345 607 6001 for help. We’re open from 7.45 am to 5.30 pm, Monday to Friday. Additionally, we will issue a recovery code to you when you first go through the two-factor authentication process when you log in. This is a one-time use code that you should store safely. The code is not intended to be used all the time, therefore should we identify a recovery code has been used, we will ensure your account remains protected.
We will issue a recovery code to you when you first go through the two-factor authentication process or register a new mobile phone. This is a one-time use code that you should store safely. This code will allow you to access your account as an alternative method to receiving a SMS message.
If you no longer have access to the registered mobile and you have lost the recovery code, you will need to call our Customer Service team so that we can help you regain access to the account.
If we ask you to verify your identity with a 6-digit code, you will see an option to ‘Remember my browser’. Selecting this option means we won’t ask you to enter a 6-digit code again for up to 30 days.
However, for security purposes there are a few reasons we may need to ask you to enter a code again. These include:
- If you haven’t logged in on the same browser or device for 7 days
- If you’ve cleared your cookies or personal security preferences on your browser
- If your browser has had an update
All this ensures we can keep your ii account as safe and secure as possible.
Online security
A key part of your security profile for your online access and safety, is and will be, your email address. Importantly this email address needs to be a unique email to you as an individual.
Today, if we detect any unusual activity on your account, if you need to complete a password reset, or you update your information, we will send you an email to confirm it was you.
Soon, we will be making a change to how you log in to your account. We will be asking you to provide your email and password at login rather than your username and password.
We won’t use your email address for marketing purposes, unless you give us permission.
Soon, we will be making a change to how you log in to your account. We will be asking you to provide your email and password at login rather than username and password.
Where someone has their own login credentials (username) for access to their account(s), then we will require a unique email address to be provided to ensure that everyone continues to use our online service.
All your account communications will continue to be sent to the email you have chosen for your joint profile, which doesn’t need to be unique.
With each customer having a unique email address, we will be able to understand who is logging in and make sure every customer profile is protected.
Soon, we will be making a change to how you log in to your account. We will be asking you to provide your email and password at login rather than username and password.
There are certain circumstances where you may have chosen to, or you are not able to link your accounts together (see more about linking your accounts here). For any account where you have a username and password, you will also need to provide a unique email address.
The unique email addresses provided for login will enable us to understand which account you are logging in to and will provide all the necessary security protection that surrounds that profile.
The strength of your online protection is reliant on you having a strong password and our second factor of authentication, rather than the username.
We support your password with robust anomaly detection shields and further security protection around your key personal information.
Changing from username to email allows you a simpler login experience without undermining any of that protection.
Your email address is the key piece of information that we will use to uniquely identify you. We are further supporting this change, by adding to those anomaly shields already in place. Additionally, we will be introducing two-factor authentication at login.
You will lose your online account access if you do not provide an email address. Your ability to use and maintain your account will not be affected, but you will need to speak to our Customer Service team over the phone instead of making changes online.
If you don’t currently operate your account online, your service will not be affected.
Where possible, we are encouraging all new and existing customers to create an email address so they can take advantage of all the existing security protection features we offer.
If you do lose your online access and you would like to provide an email address, you’ll need to speak to our Customer Services team, who will be ready to help you. One of our agents will be able to update your account and get you back online. You can contact us on 0345 607 6001 between 7.30am and 5.30pm, Monday to Friday.
We understand that setting up an email address might seem daunting, but it can be a simple process.
While we can’t advise you on which email provider you should choose, when you register with your internet provider (for example, BT or Sky), then they will often provide you with an email account. Additionally, they are likely to be able to provide additional email addresses if you ask them to. These may be free or have an additional cost, so it’s advisable to check with them first.
You can also set up an email account that is separate to your internet service provider. There are plenty of email providers, such as Gmail, Hotmail and Yahoo.
At ii login passwords need to be between 8 and 50 characters long and include at least 1 upper case character, 1 lower case character and 1 digit
Password security starts with creating a strong password. Here is a helpful guide for creating a strong password:
- At least 12 characters long but 14 or more is better.
- A combination of uppercase letters, lowercase letters, numbers, and symbols.
- Not a word that can be found in a dictionary or the name of a person, character, product, or organization.
- Significantly different from your previous passwords.
- Easy for you to remember but difficult for others to guess.
Telephone security
While the majority of your day-to-day phone transactions and tasks will not be affected, it could take longer for you to pass security when you speak to one of our customer service representatives over the phone.
If we aren’t able to help you over the phone, we will be able to explain your next steps so we can help to complete your request.
No - we will only ever send you marketing information if you have given us explicit permission.
Yes, you will be able to receive SMS codes abroad, subject to your network provider and phone settings. You may incur extra charges from your mobile provider for receiving text messages abroad.