How we protect your account

The security of your accounts is of utmost importance to us. We have invested in multiple measures to help protect you and your money. We use a range of physical, electronic and procedural controls, some of which are highlighted below.

What we do

Secure encryption and validation

When visiting our website, you’ll note an indicator (typically a padlock) shown in the address bar of your browser. This shows a secure connection has been established. However, this shouldn’t be your only measure of legitimacy, and fraudsters are always coming up with new ways of imitating known websites. For the avoidance of doubt, always visit a website directly via a reputable search engine and check the spelling of the web address before proceeding.
Locking your account
Your Secure Number will be disabled after too many incorrect attempts. You don’t need to worry if you do this accidentally or if you forget your password. You can reset your login details online by following these steps:
- Click Log in at the top right hand side of our website
- Enter your Username and date of birth
- Select ‘forgotten login details?’
Two-factor authentication

Two-factor authentication (or 2FA) is an extra layer of security that can be added to your online account by calling 0117 980 9984 or contacting us by secure message.

However, if you use your fingerprint or face to log into our mobile app, this automatically gives us two-factor authentication in one secure step.

You already have 2FA on your HL account if you have an Active Savings account or HL Cash ISA, or you’ve linked accounts with someone who does. These types of account must comply with the Payment Services Regulations 2017, which require 2FA.

There are two changes when you have 2FA on your HL account:

Automatic timeout: You are logged out after 5 minutes of inactivity. This could be if you navigate away from your account to browse articles or other public pages on the HL website. When you are using your account, such as clicking between your accounts and dealing, you will stay logged in.

Additional login step: We send you a 5-digit code if you 1) log in via the website or 2) use the app but you have not set up fingerprint or face login. You need to enter this code to access your account. We send it via your choice of text message or automated phone call, and it usually arrives in seconds.

You can only receive codes to one phone number. To change this number, call our Client Support Helpdesk on 0117 980 9984.

We do not need to send you a 5-digit code if you log into the mobile app with your fingerprint or face. This method gives us two-factor authentication in one secure step. However, we will send a one-off code to verify your device when you first log in.

You can turn on fingerprint or face login in your HL app settings.

Turn off fingerprint or face login in your app settings if you would still like to receive a 5-digit code.
Last logged in date and time

The exact time and date stamp of your last login session is displayed in the top corner of the page each time you log in. This information is a good way of ensuring you are the only person using your account.
Secure Number

Once set up, we’ll never ask you for your full Secure Number whether this be on our website, by email or by phone.
Secure online withdrawals

If your nominated bank account is updated online, we will send you a validation code in the post. You'll need to verify this code online before you can make any withdrawals.

If your nominated bank account is updated over the phone, we will use an online checking service called Confirmation of Payee (CoP). This check makes sure the account details match the name on your HL account. Learn more about CoP with Pay UK. You can also opt out of CoP using this form.
Logging out

Automatic log-out after a period of inactivity.