If you receive a verification email from Patreon and don't recognize the location, please follow these steps to secure your account.
Here are some things you can do to help keep your account safe:
-
Pick a strong password. Use a combination of at least six numbers, letters and punctuation marks (like ! and &). It should be different from other passwords you use elsewhere on the internet. Using a service like 1Password is also a good option.
-
Or if you are unable to log into your account being locked due to security rate limiting, you can change it using the password forgot form.
- https://www.patreon.com/forgot-password
-
-
Change your password regularly, especially if you see a message from Patreon asking you to do so or receive a notice that a user in another location is attempting to access your account. If Patreon detects that your password may have been stolen, we will expire your password. Changing your password on Patreon and other sites helps to keep your account secure and prevent you from being hacked in the future.
- As to how an attacker may have gotten your password: Patreon does not store passwords, it stores the "BCyrpt hash" of the password and check that the password you're logging in with matches it. The most common method access to your password is through one of three methods:
- Password reuse - they stole your password for another service that does not store them correctly.
- Phishing - A phishing attack happens when someone tries to trick you into sharing personal information online. Phishing is typically done through email, ads, or by sites that look similar to sites you already use. For example, you might get an email that looks like it’s from your bank asking you to confirm your bank account number.
- Malware - while this is rarer, it can happen that malware logs the passwords you are typing into your browser. Check your browser for suspicious add ons or plugins and make sure your browser and operating system are updated.
- As to how an attacker may have gotten your password: Patreon does not store passwords, it stores the "BCyrpt hash" of the password and check that the password you're logging in with matches it. The most common method access to your password is through one of three methods:
-
Never give your password out to someone you don't know or publish it in an email.
-
Turn on two-factor authentication for an additional layer of account security.
-
Make sure your email account is secure. Anyone who can read your email can likely also access your Patreon account so make sure to change the passwords for all of your email accounts and make sure that no two are the same.