Keeping your account safe

At Summer we take the security of your personal information seriously and take steps to keep this information private.

We encourage our members to be vigilant across their online activities and be careful of phishing emails.  


To help protect your account we:

  • Store your password in a format even we can't read
  • Will never ask for your password
  • Automatically log sessions out after 10 minutes of inactivity
  • Will send a confirmation email when changes are made to your account
  • Notify you via email when you log in for the first time from a new device
  • Notify you via email when you log in from outside of New Zealand

If you receive an email and haven’t made a change or logged in, please contact us.

There are also a number of things you can do to help protect your Summer KiwiSaver scheme account.

  • Use a passphrase when setting your password. A passphrase is a series of words and may be easier to remember. It can be stronger than a mix of characters, symbols and numbers. To help with setting a passphrase you could consider topics such as:
    • Describing a feature in a room in your house
    • Your favourite food
    • A childhood memory or activity
  • Avoid using personal information, such as your full name, in your passphrase, as this can be easier to guess
  • Enable multi-factor authentication (MFA) on your Summer account. See below for more.  
  • Keep your password safe by not sharing it with others, writing it down, saving password details on shared or public computers or using the same password across all your logins.
  • Install anti-virus software on your computer, keep it up to date and run regular checks.
  • Run updates. In addition to providing new features, updates may also fix known security issues. Take the time to look at the updates recommended.
  • Keep your operating system and web browser up-to-date.
  • Connect from a secure URL. To check the URL is secure, look for ‘https’ at the start. You should also see a padlock symbol. Typing https://www.summer.co.nz directly into your browser will help ensure you are accessing the true website.
  • Log out when you are finished checking your Summer account. This is especially important if you are using a shared or public computer.
  • Be aware of phishing emails or spam phone calls. See below for more about phishing.  

Multi-factor authentication (MFA)

Enabling multi-factor authentication on your Summer login is an easy way to add extra security to your account. MFA requires a verification code every time you log in, in addition to your username and passphrase.

You will need to install an authenticator app that supports Time-based One-Time Passwords (TOTP) on your device, like Google Authenticator. Once set up, this will provide you with a temporary access code each time you log in. The authenticator can be set up on most electronic devices, but we recommend the one you will most often have readily available, for example, your phone.

Summer members can enable MFA by ticking the ‘Enable Multi-factor authentication’ option under manage my account > change passphrase. MFA can also be enabled upon registration with Summer.

You will need to re-enter your passphrase; however, you are not required to change it as long as it meets the 15-character requirement.

Read more about MFA on the CERTNZ website.

If you would like assistance with enabling MFA please contact us or read our MFA guide.

Credential dumps

Sometimes personal information can be compromised, such as during a data breach. This can mean information, such as email addresses and passwords, is published online and can be exploited.

If your information has been part of a breach you should change the password for the applicable accounts straight away. This includes other accounts that you have used the same or similar passwords for.

Read more about data breaches and credential dumps on the CERTNZ website.

What is phishing?

Phishing is when scammers pretend to be trusted brands to trick people into giving out their personal information, such as account login details, or money. Two of the more common phishing tactics are sending authentic-looking emails and making phone calls. Phishing emails often create a sense of urgency and prompt you to click a website link, which may ask you to enter sensitive information or download a virus to your computer.

What to do if you think you have received a phishing email?

If you are in any doubt about the authenticity of communications you have received from Summer, please let us know.

If you are suspicious of an email:

  • Don’t open any attachments or click any links within it
  • Check the actual email address it was sent from, as phishing emails often impersonate a trusted sender in the display name
  • Check where the links really lead by hovering your mouse over them. If the URL shown when you hover over the link looks suspicious then treat the email as a phishing email
  • Don’t reply to the email
  • Forward us a copy of the email then delete it

You can find out more about phishing on the CERTNZ website.

Make it easy to access your Summer account

You can save a shortcut to your device for faster access in future. Simple instructions can be found here.

If you think you have given out personal details or have any concerns about your Summer account, we suggest changing your password via the 'Manage my account' menu and contacting us immediately.