How do I protect my privacy on Dreamwidth? (Part 3)
At Dreamwidth we take the security of your journal and your entries very seriously. While we do our part, this part of the guide discusses what you can do to make sure your account remains secure.
You may think "All I talk about in my journal is what I had for breakfast, why would anyone want that?" If someone gains access to your account, they won't only see your Private entries, but could impersonate you and post comments on other journals as you or read the secured entries of people who've granted you access to their journals. Having a secure account is important to the good of Dreamwidth as a whole, and it's easy to do.
The most important thing you can do to ensure your account remains secure is to keep your email address up to date. We consider the owner of an account to be the person who has access to one of the account's confirmed email addresses. If you forget your password and don't have access to the email address on the account, we won't be able to give you access to the account. And if someone else gains access to one of your old email addresses, they may be able to claim your Dreamwidth account. If you change your email address, you'll also want to delete the old addresses from your email address management page as soon as you can. The currently confirmed email address on your account must remain the email address associated with the account for 6 months in a row before you can delete old addresses.
In addition to keeping your email address current, you should make sure you've chosen a strong password, i.e., one that can't be easily guessed. Dreamwidth allows very lengthy passwords that can include spaces and punctuation, so be imaginative with your password. Don't use a password that's based on your name, your account name, your email address, the names of people you know, your favorite thing, or any word in a dictionary. Instead, try using a long sentence that you can remember easily. You may want to make your Dreamwidth password something like "This sentence will let me in to my Dreamwidth account, easy as 1-2-3!". Using a password phrase like that instead of a simple password goes a long way towards keeping your account secure. Adding in numbers and punctuation also helps make your password stronger.
Never enter your password on any non-Dreamwidth site. The cool survey you just filled out that will auto-post itself to your journal may also spam everyone you're subscribed to, delete all your entries, or do other things. Always look in the address bar of your browser for dreamwidth.org and make sure you're actually on Dreamwidth before typing in your password. Of course, there are exceptions to this rule; if you want to migrate away from Dreamwidth, you may want to enter your password into the importer of the site you're moving to.
In general, don't enter your password on any site that you don't completely trust with full access to your Dreamwidth account. Even if you change your password immediately before using the external site, then change it again immediately after, the external site could still potentially compromise your account during the time they have access to it. If you want to use an external service, carefully weigh the convenience it offers against the long-term security of your account, and see if you can find an alternate way to do what you want to do rather than giving the site your Dreamwidth password.
Dreamwidth offers a feature that can save you typing in a lengthy password each time you log in: the "Remember me" checkbox on the login form. If you log in with this box ticked, Dreamwidth will set a cookie on your computer that tells Dreamwidth who you are every time you come back to the site from the same web browser. This is a great timesaving feature, but can be insecure if you use it improperly.
Only use "Remember me" on computers you own or are the sole user of. If you use a public computer and log in with "Remember me" checked, it's possible the next person to use that computer could access your Dreamwidth account. If you're concerned that you may have accidentally left a computer you don't control logged in to your Dreamwidth account, go to the Manage Logins page to log those sessions out.
To make sure your content remains secure, always Log Out button on the Log Out page and completely exit your web browser when you're done using a public computer.
Back one page | Up to table of contents
You may think "All I talk about in my journal is what I had for breakfast, why would anyone want that?" If someone gains access to your account, they won't only see your Private entries, but could impersonate you and post comments on other journals as you or read the secured entries of people who've granted you access to their journals. Having a secure account is important to the good of Dreamwidth as a whole, and it's easy to do.
The most important thing you can do to ensure your account remains secure is to keep your email address up to date. We consider the owner of an account to be the person who has access to one of the account's confirmed email addresses. If you forget your password and don't have access to the email address on the account, we won't be able to give you access to the account. And if someone else gains access to one of your old email addresses, they may be able to claim your Dreamwidth account. If you change your email address, you'll also want to delete the old addresses from your email address management page as soon as you can. The currently confirmed email address on your account must remain the email address associated with the account for 6 months in a row before you can delete old addresses.
In addition to keeping your email address current, you should make sure you've chosen a strong password, i.e., one that can't be easily guessed. Dreamwidth allows very lengthy passwords that can include spaces and punctuation, so be imaginative with your password. Don't use a password that's based on your name, your account name, your email address, the names of people you know, your favorite thing, or any word in a dictionary. Instead, try using a long sentence that you can remember easily. You may want to make your Dreamwidth password something like "This sentence will let me in to my Dreamwidth account, easy as 1-2-3!". Using a password phrase like that instead of a simple password goes a long way towards keeping your account secure. Adding in numbers and punctuation also helps make your password stronger.
Never enter your password on any non-Dreamwidth site. The cool survey you just filled out that will auto-post itself to your journal may also spam everyone you're subscribed to, delete all your entries, or do other things. Always look in the address bar of your browser for dreamwidth.org and make sure you're actually on Dreamwidth before typing in your password. Of course, there are exceptions to this rule; if you want to migrate away from Dreamwidth, you may want to enter your password into the importer of the site you're moving to.
In general, don't enter your password on any site that you don't completely trust with full access to your Dreamwidth account. Even if you change your password immediately before using the external site, then change it again immediately after, the external site could still potentially compromise your account during the time they have access to it. If you want to use an external service, carefully weigh the convenience it offers against the long-term security of your account, and see if you can find an alternate way to do what you want to do rather than giving the site your Dreamwidth password.
Dreamwidth offers a feature that can save you typing in a lengthy password each time you log in: the "Remember me" checkbox on the login form. If you log in with this box ticked, Dreamwidth will set a cookie on your computer that tells Dreamwidth who you are every time you come back to the site from the same web browser. This is a great timesaving feature, but can be insecure if you use it improperly.
Only use "Remember me" on computers you own or are the sole user of. If you use a public computer and log in with "Remember me" checked, it's possible the next person to use that computer could access your Dreamwidth account. If you're concerned that you may have accidentally left a computer you don't control logged in to your Dreamwidth account, go to the Manage Logins page to log those sessions out.
To make sure your content remains secure, always Log Out button on the Log Out page and completely exit your web browser when you're done using a public computer.
Back one page | Up to table of contents
Last Activity: April 25th, 2010 (rainbow)
Back to the full FAQ list. Return to the Search Page. Need more help? Go to the Support Area.
