June 5, 2023

The English Premier League has introduced MFA controls to its official Fantasy Premier League game offering football fans the option to secure their accounts.

From  2022/23 season 2FA will have a debut which follows a wave of account hijacking attack allegations over the last two seasons. Miscreants were said to have made multiple player ‘transfers’ from compromised accounts, leaving victims with weaker fantasy football teams while simultaneously racking up penalty points.


Victims struggled to make up lost ground, their whole season was ruined. Unidentified attackers, whose potential motives could range from mischief to sabotage, were also in the habit of changing hacked victims’ team names.

The FPL game had more than nine million players last season, but the wave of hack attacks seemed to have disproportionately targeted the most successful teams those ranked in the top 100,000 of players.

The option of signing users using login details from the official FPL game rather than creating a new account with the third-party website. This practice leaves many at risk of so-called credential stuffing attacks if any of the FPL team management or stats sites they use happens to be breached.

Back in September 2021, early in the 21/22 season, the Premier League blamed account takeovers on users sharing login details with unnamed third-party websites. Team managers were prevented from making more than 20 transfers in a single game week, except in cases where a free hit chip was in play. The change was criticized by the community as inadequate,


The introduction of 2FA to fantasy football has been welcomed by the community, and the feature is tricky to find and not the easiest to activate.

Leave a Reply

%d bloggers like this: