Is Temu safe? Why its single-layer security should be a red flag to shoppers

    Published on:

    Nikos Pekiaridis/NurPhoto (via Getty Images)

    Given the large amount of breach activity taking place around the world, username and password mechanisms for authentication are virtually worthless.

    Many of the breaches ZDNET has documented over the years have involved the loss of personally identifiable information and login credentials. Although some passwords are encrypted on their servers, some online operators still store passwords in free text. This is clearly not a best practice, but we know that not all companies follow it.

    Also, is Temu legal? What you need to know before ordering

    While other online activities encrypt your login credentials, encryption is still insecure. In other cases, retailers follow good security practices when it comes to encrypting user data, but breaches carried out by government-sponsored hacking operations have the resources to break even good security.

    This is where multi-factor comes into play. By requiring a second factor of authentication, what security experts call “something you have and something you know,” thieves generally will no longer be able to access your account. While these protections certainly had unfortunate workarounds, the chances of them leading to credential theft if a username and password are compromised are still significantly lower.

    Also: Temu vs. Amazon: Which shopping site is best for your purchasing needs?

    Therefore, even if a thief obtains your username and password, he or she may be blocked from accessing the online service they are attempting to compromise, even if your phone does not have an authenticator running.

    In today’s world, it’s unconscionable for online retailers to deny their customers access to multi-factor authentication.

    Tim’s situation

    And yet there we find Tem. Surprisingly, Temu does not offer any authentication technology other than username and password.

    Also: Don’t use weak passwords for streaming services – it’s more dangerous than you think

    Temu’s site doesn’t discuss much about Temu’s security practices other than a bunch of logos at the bottom of the page.


    Screenshot by David Gewirtz/ZDNET

    I received an email with a series of claims about Temu’s security practices and how much they care about personal information, but the basic fact is that Temu provides a second factor of authentication. It means that it is not.


    Screenshot by David Gewirtz/ZDNET

    I noticed this when trying to secure my account. We checked all the obvious locations and found no sign of an authentication device or SMS-based authentication.

    Also: 70+ Best Early Black Friday Deals: Live Updates

    We eventually reached out through a chat interface. I first simply asked how to set up her 2FA (two-factor authentication) on my account. I was told that that was not an option.

    Since you used an acronym for two-factor authentication in your request, I re-asked your question more clearly to confirm that there is actually no two-factor authentication feature available. As you can see from the chat below, the agent confirmed that her Temu does not offer her two-factor authentication.


    Screenshot by David Gewirtz/ZDNET

    At this point you need to choose whether or not to use Temu. Do you use it knowing that even if there is a breach, there will be no second factor preventing access, or will you stop using Temu until this issue is resolved?

    Also: What is a passkey? Experience the life-changing magic of going passwordless

    If you wish to continue using Temu, we recommend that you take the following precautions: First, consider using a one-time use credit card like the card. Next, check your credit card weekly as recommended in this article. That way, if you receive a false charge, you’ll know right away and take corrective action.

    So, given this news, would you buy from Temu? Let us know in the comments section below.

    Follow me on social media for updates on my daily projects.Be sure to subscribe to our weekly updated newsletter on substackFollow me on Twitter @DavidGewirtz,On facebook Instagram on YouTube


    Leave a Reply

    Please enter your comment!
    Please enter your name here