Imagine you’re trying to log in to your favorite website. You enter your email address and your usual password. But when you click login, nothing happens, except for that pesky error message we’ve all seen a thousand times: “Your Password Is Incorrect.”
You panic, rack your brain, and try your second (and third) most-used password, praying that you won’t get locked out of the site. Finally, you reach out to support, who gives you some surprising news — someone has changed your password and is using your account.
You’ve been the victim of an account takeover.
Now this could be a small inconvenience, or depending on what account has been accessed, it could be huge and costly. For instance, if you are a patron and someone were to take over your Patreon account, they could scam you by using your payment method to pay into a fake Patreon page that they own. Or if you’re a creator, they could take over your account and steal your balance (or worse).
Pretty scary, right?
Account takeovers aren’t anything new, but in general, they seem to be happening much more frequently in recent years. According to KPMG, account takeovers went up 57 percent in the UK during the first half of 2019. And, in 2019 alone, there have been thousands of breaches and billions of pieces of information stolen from institutions ranging from Dow Jones to Dunkin’ Donuts.
To make sure that your Patreon account information stays safe and out of the hands of bad actors, we put together a list of things you can do to protect your login information.
We’ve all done it before. A website tells you to create a new password, and instead of inventing a new one, you just reuse a password you’ve used elsewhere.
Is this easier in the short run? Yes, of course it is. But it’s not a good idea. And here’s why: if your email and password are part of a breach somewhere, that would suck. But it would suck even more if you had used that password somewhere else, too. Then, the fraudulent individual wouldn’t just have access to one of your accounts — they’d have access to every account that you used that password with.
So next time you find yourself whipping out that same ol’ password, try mixing it up and using a different one. Your future self will be happy that you did.
Better yet, use a password generator, which can generate long, random alphanumeric passwords for you. Also, don’t use your name or your birthday in your password — those are easy to figure out. Remember, the more random the letters and numbers are, the better, which brings us to number 3...
Long, complicated, nonsensical passwords are good for stopping bad guys, but they sure aren’t easy to remember.
With a password manager, you’ll be able to get super tricky with your passwords without running the risk of getting locked out of your accounts. Plus, they often include a password generator as part of their setup, so you can instantly create a password that’s kooky enough to protect your accounts. Password managers are very safe and virtually impenetrable, and we recommend using one with your Patreon account.
I know how tempting it can be to just give someone, maybe a friend or a relative, your Patreon password, so they can take care of a task for you. But don’t do it! Not only do you not know where that password will end up, you also don’t know what machine that password will be used on.
For example, say you give your password to your aunt because you need some help messaging your patrons. She then tries to connect to your Patreon account using a public computer. The only problem is, that computer had been infected by a keystroke logging malware, which allows a hacker to record her typing (and your password). Then, to make matters worse, she forgets to log out of the public computer when she’s done, leaving your Patreon account open to the masses. Meep.
You never know where that password may end up, so better to be safe than sorry. Keep your password to yourself, and also...
The best rule of thumb is to guard your passwords like treasure. And, as far as passwords are concerned, two-factor authentication (2FA) and time-based one-time passwords (TOTP) are the equivalent of a dynamite-proof safe.
We’ve written about 2FA and TOTP extensively, but here’s a recap just in case: 2FA means that you need two factors to log in to your account. One type of 2FA that you can use with Patreon is SMS-based. For instance, if you have SMS 2FA enabled on Patreon, every time you log in to your account, you will also receive a text from us to confirm that it’s actually you.
While this is a lot safer than just one password, using TOTP as your second factor is even safer.
Here’s a quote from our blog on why TOTP rocks:
“Like SMS, TOTP adds a second factor to the Patreon login process. However, instead of doing so with a six-digit static code texted to your phone, TOTP two-factor authentication uses a separate app that is constantly generating short-lived codes. There are many apps that provide two-factor TOTP such as Google Authenticator, which is free to use, and others like Duo or 1Password, which both charge a monthly fee. The fact that these apps generate codes that are always changing, and that aren’t dependent on your phone number, limits the chance of an attacker getting a hold of a valid code (your second factor), and thus, your account.”
If that sounds like gobbledygook to you, check out our support article on enabling 2FA to make doubly sure your Patreon account is secure.
Account takeovers are terrifying. But they are also avoidable. By following the advice in this article, you’re not only keeping your account information safe — you’re keeping your patrons’ information safe, too.
If you like what you’ve read, and you want to learn more on similar topics, subscribe to our Trust and Safety email series below and check out the rest of the Trust and Safety Blog Series.