Keeping your account safe - Your Depop Security Checklist

Depop is committed to keeping your account secure. To help us, we ask that you follow the following steps so that we can work together to keep your accounts safe.

In this article:

  • Strengthen Your Password
  • Using a Password Manager
  • Enable Two Factor Authentication
  • Check for Unfamiliar Activity
  • Keep your Application and Devices Up to Date
  • Report Suspicious Behaviour
  • 2FA FAQs


Strengthen Your Password

One of the most important things you can do to protect your account is to use a strong password. 

A strong password:

  • Is one you don’t use for any other app or service or share with anyone
  • Contains at least 12 characters
  • Includes uppercase and lowercase letters, numbers, and special characters
  • Is generated and safely stored in a password manager like 1Password or Bitwarden

A great way to make a strong password (if you’re not auto-generating it using a password manager) is to use a passphrase that’s easy for you to remember, but difficult for others to guess. 

Here’s an example: C’m0nC’m0nB4byTw1stN’Sh0ut!

Never share your Depop password. If you have shared your Depop password with anyone else or if you use the same password for an account that is not Depop, change your password immediately and enable 2FA for your account.


Using a Password Manager

Remembering passwords for countless accounts can be cumbersome and risky. Enter Password Managers, these solutions provide a streamlined and secure way to manage your passwords. By memorising just one robust 'master' password, you unlock access to all your credentials, stored and encrypted for your eyes only. Many password managers also feature auto-fill options, making logins seamless and swift. With options like 1Password, Bitwarden, or Keychain for MacOS users, adopting a password manager is a great step towards fortifying your online security.


Enable Two Factor Authentication

We encourage turning on 2FA (available on mobile only) to provide an extra layer of protection to your account. 2FA requires two sources of information to sign into your Depop account. Every time you log in to your account, 2FA is used to verify your identity by doing the following:

  • Pairing something you know (like a password or pin); with

  • Something you have (like a hardware key or security token); OR

  • Something you are (biometric, like your fingerprint or FaceID).

Depop offers to pair your account password with a one time password that we send to your phone upon login request. 

To turn 2FA on on your Depop account - 

  1. Go to My Depop Profile_2x.png > Settings > Two-factor authentication

  2. Enter your phone number in when prompted

  3. Enter the code texted to you

  4. Get your unique recovery code

  5. Save your recovery code (best to do in a password manager)

Once you’ve successfully set up two-factor authentication, you’ll get an email to confirm it’s turned on. You’ll also see Two-factor authentication is on in your Depop settings. Moving forward, you will get a text message with a one time password each time that you try to login and will be prompted to enter it along with your Depop account password.

2FA on Depop web works similarly! Once you have it setup on your mobile device, you will be sent a text message with a one-time code when you login to web as well! All changes or updates to your 2FA preferences must be made on mobile. 

We encourage 2FA for all of your online accounts, but especially for email accounts associated with your Depop account and phone provider.

Have a question? Reference our 2FA FAQ below and/or file a support ticket.


Check for Unfamiliar Activity

External parties not affiliated with Depop may be attempting to access your account by using deceptive emails and websites that appear to come from a legitimate source, also known as phishing. Be suspicious of any unusual requests asking for any of your sensitive information, e.g. personal or financial details, by email or phone. 

What should I look out for?

The following, as this may be a sign that your account has been compromised:

  • Messages you did not send 
  • Items listed on your account that you do not own
  • Payments made to your PayPal account that you cannot account for
  • Your personal details changed without your consent
  • Messages on other platforms (Reddit, Meta, etc.) regarding your Depop account

'Someone is asking me to share personal information via the Depop platform'

We strongly recommend against sharing any personal information via Messages. Sharing email addresses, phone numbers or any other personal information could result in external parties not affiliated with Depop attempting to access your account, which is known as phishing.

It is also against Depop's Terms of Service to transact outside of the app. Only ever purchase items in app, by clicking the 'Buy' button

If you believe someone is acting suspiciously, please report the user to our Support teams who will review the account and take appropriate action.

If you have shared personal information with another user, contact us directly and follow the steps detailed here

'I've received a suspicious email claiming to be from Depop'

If you’ve noticed any suspicious activity – contact us directly. See below for more immediate steps: 

  • Do not click any of the links or open any attachments within the email
  • Contact us directly via our Help Centre, making sure to take a screenshot of the email – be sure the screenshot includes the sender’s contact information
  • After taking a screenshot of the email, delete it and report it to your email provider as phishing
  • Do not send any items or funds

'How do I know if an email is coming from Depop?'

There are a few ways to tell whether an email claiming to be from Depop is legit.

  • All proper Depop emails come from an email address. Make sure you double check the sender's address.
  • Heads up - we'll never email asking you to share personal info or account details through another website or outside of our app.

'I've already provided personal information or opened a link'

  • Follow the steps below to change your password. Make sure it’s complex and isn’t used on other sites or apps
  • Update your password on any other websites where you use the same email and password combination
  • If you entered payment information, contact your financial institution immediately


Keep your Application and Devices Up to Date

Staying ahead with the latest updates for your apps and devices is a critical step in keeping you safe online. These updates are typically packed with essential defences against malware and security threats but also catching new features and improvements. So, when you're nudged to update, try embracing it as a vital habit for maintaining your cyber hygiene as applying these updates is one of the most important things you can do to keep yourself safe online.

To get you started, we’ve included links to popular devices.


Report Suspicious Behaviour

In the instance you find yourself noticing that there are actions, listings or communications on your Depop account that you cannot account for (examples listed below), your account may not be secure. Please be assured that Depop is committed to doing our utmost to safeguard your data, you can help by reporting any suspicious activity.

Immediately contact Depop Support by sending a request and take the following steps:

  1. Select Safety, Reporting & Appeals > Report unauthorised access
  2. Include when you last accessed your account and how you realised it had been accessed by someone else in the comments section
  3. Whilst you’re waiting for a response from one of our agents, check to see if your email address has been changed within the app
  4. If your email has been changed, change the email back to your original email address
  5. Send yourself a password reset link here and update your password 



'I need to change the phone number on my account'

To change the phone number associated with your two-factor authentication:

  1. Go to Profile > Settings > Two-factor authentication
  2. Tap Change my number
  3. You’ll need to enter the 6-digit code we send you so that we can verify it’s really you who’s trying to make the change
  4. Follow the instructions to change the phone number associated with your two-factor authentication

'How do I get a new recovery code?'

If you’ve lost your recovery code and are still logged in, you can get a new one to keep safe in case you need it to log in in the future.

To get a new recovery code: 

  1. Go to Profile > Settings > Two-factor authentication
  2. Under Two-factor authentication is turned on, toggle off Text message
  3. Follow the instructions to turn off 2FA
  4. Once 2FA is turned off, toggle on Text message and follow the instructions to turn 2FA back on and get your new recovery code.

'How do I turn off two-factor authentication?'

To keep your account safe, we recommend you keep two-factor authentication turned on.

If you really want to turn it off, you’ll need to:

  1. Go to Profile > Settings > Two-factor authentication
  2. Under Two-factor authentication is on, toggle off Text message
  3. You’ll need to enter the 6-digit code we send you so that we can verify it’s really you who’s trying to turn off two-factor authentication.
Was this article helpful?
8 out of 129 found this helpful

Articles in this section