Keeping your account secure
What this is
A short checklist for keeping your account safe. Most of it takes a couple of minutes.
The essentials
- Use a strong, unique password. Don't reuse a password from another site. You can change it any time on Change password.
- Switch to an authenticator app. App codes are stronger and faster than emailed ones. See Set up an authenticator app. Two-factor is always on either way.
- Save your backup code. If you use an authenticator app, keep your backup code somewhere safe and separate from your phone, so a lost device doesn't lock you out.
- Consider Google/GitHub sign-in. Linking a provider on Sign-in Methods means one less password to manage.
- On shared or public computers, don't tick "Remember me," and sign out when you're done.
Spotting something wrong
- We email a login code with the IP address the sign-in came from. If you receive a code you didn't request, someone may have your password, so change it right away and turn on an authenticator app.
- We will never ask for your password. Not by email, not in a support ticket, never. Anyone who does is not us.
- Only ever enter your password on our own sign-in page.
If you think your account was accessed
Change your password immediately (this signs out other devices), and open a ticket so we can help you review it.
Still need help?
You can open a support ticket. So we can help on the first reply, it's worth mentioning:
- the email address on your account,
- what you noticed (an unexpected login code, an email you didn't expect, etc.),
- a screenshot if you have one.
We'll never ask for your password.
Related questions
- "How do I keep my account secure?"
- "I got a login code I didn't request."
- "I think someone accessed my account."
- "Is this email really from you?"