Overview

• Starting August 27, 2025, Rewe will require two-factor authentication for all logins to its app and website.
• The mandatory 2FA combines a password with a one-time code sent via email and offers an optional authenticator-app layer.
• Customers who fail to activate 2FA will lose access to key functions, including collecting bonus points or redeeming coupons.
• The shift from optional to compulsory 2FA follows multiple fraud incidents in which cybercriminals used phishing and dark-web data to steal bonus credit.
• Updated terms of service state that continued app use after August 27 constitutes automatic consent to the new security requirements.