Account Safety on Lichess (and Beyond)
Staying safe online is important and not too complicated!
A lesson everyone using the internet should learn on day one is to be safe with their accounts. This includes your Lichess account. That's why we wanted to write this blog post about how to keep your Lichess account safe. We will talk about four different things that improve security in this article: safe passwords, two-factor authentication, keeping your email safe and how to avoid phishing.
Let's talk about passwords first. Your password should be known only to yourself. If you share it with someone else they can potentially log in to your account. You should never give your password to anyone. Also remember that no moderator will ever ask you for your password. If someone asks for your password, please report them.
A second thing about your password is that you should never re-use it. Use a unique password for each account and service that you use. If you re-use a password and it is leaked, you can lose control of all of your accounts at once. So make sure you use a new password for your Lichess account. If you can't keep track of all your passwords and accounts, try using a password manager like KeePassXC or passwordstore. With these you can generate random, strong passwords and use a new one for every account, while only needing to remember one master password for the manager. The following comic should give you an idea about how to generate a secure password. But note that the comic is some years old and is for illustration, so don't take the numbers too seriously.
To make your account even safer you can use two-factor authentication (2FA), which has been a Lichess feature for quite some time now. All you need is an app on a secondary device, such as Aegis Authenticator (other apps are available, as are services that send 2FA codes via email). If you use email-based 2FA, make sure your email is safe (read about it below). Once 2FA is activated, logging in to Lichess will prompt you for your password and also for a code from the app, which changes every 30 seconds. This helps keep your account safe even if someone has your password. You can activate 2FA here.
Keep your email safe
The third thing that will increase the security of most of your online accounts is to keep your email account safe. If someone gets access to your email they will be able to get new passwords for all of your accounts that depend on that address for password resets. It's recommended to use 2FA on your email if possible and to use a mail provider that will keep your mail safe (there are plenty out there).
Last but not least, be aware of phishing sites. Those websites might look exactly like Lichess, but will try to steal your password. If you suddenly have to log in again, make sure you're still on the real lichess.org website by checking that the URL of the site is exactly lichess.org. Also avoid using public computers to log in to Lichess.
Please stay safe and keep enjoying Lichess. If you have questions about this, feel free to visit the support channel on our Discord server. You can find the link under this blog post.