Why it matters to you
You’re sharing your home with strangers by way of Airbnb, so naturally, you want to feel secure. And as cyberattacks and hacks become ever more common, the short-term rental platform is stepping up its game to ensure that your home is protected — at least from a digital perspective.
As such, Airbnb has introduced “new defenses to further prevent bad actors from taking over an Airbnb account.” These include multi-factor authentication, which will require additional verification for users logging in from a new device, and improved account alerts, so that you can get text messages whenever account changes have taken place.
“Trust is the fundamental currency of the sharing economy — it’s at the very heart of our Airbnb community,” wrote Airbnb’s Chief Strategy Office and co-founder Nate Blecharczyk in a blog post. “As our global community continues to grow, we remain vigilant of the ways bad actors are looking to take advantage of this trust.”
As of late, the security community has been paying more attention to account takeovers, or ATOs. This kind of hack happens when a malicious actor accesses user accounts by stealing passwords, either by way of password dumps, phishing, or malware. While Airbnb has previously defended against ATOs via a machine learning model meant to predict that likelihood of an account login being performed by its legitimate owner, the company is now implementing additional preventative measures to ensure that you’re staying safe.
“Our model is effective at stopping most account takeovers, but unfortunately there have been some incidents where hosts and guests have suffered,” Blecharczyk admitted. “This is not acceptable to us, therefore we’re working around the clock to do everything we can to improve our detection and prevention methods. While the machine learning approach is common for online platforms, the nature of Airbnb’s product and the critical importance of trust within and among our community requires an even higher bar for security.”
With the addition of multi-factor authentication, users will now have to confirm account ownership by inputting a one-time unique confirmation code from their linked phone number or email in order to access Airbnb on a new device. Airbnb will also be more proactive in alerting you to any account changes “so that you can take action to recover your account in the event you were not the one who made those changes.”
For additional security measures, you can check out Airbnb’s recommended practices around strong passwords, safe payments, and more here.