As a tracker, it is our responsibility to ensure that our users are aware of all the ways we provide to secure your accounts. As users, you are responsible for ensuring that you make use of the available security methods to protect both yourself and your fellow users from the dangers of a single compromised account. As such, we would like to take this time to outline some of the ways you can ensure your account stays secure.

Password Strength
Your first line of defense is your password. Ensure to the best of your ability that your password is sufficiently complex and unique. We know it's tempting to just use the same password everywhere, but please for god's sake make at least some change for your password here. If you're concerned about forgetting a different password, just make sure your email is valid and hosted with a service that isn't likely to go under in the near future (that happens a surprising amount). As long as your email works, you can always reset your password.

Two Factor Authentication
2FA is a second layer of defense for your account. If enabled, it requires you to use an app on your phone to generate an additional temporary password when you log in. With 2FA, even if your password is compromised, an attacker still cannot gain access to your account. Keep in mind that if you enable 2FA, you should take the necessary precautions against losing your 2FA key. If your phone gets wiped, stolen or broken, you must have a backup of your 2FA key to regain access to your account. Staff will not disable 2FA on any account unless the account owner has set up a recovery method (see PGP below) and is able to use it.
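
Why the backup of the 2FA key is what matters, shown as an added example (not the tracker's own code): the temporary password is a function of the key and the clock only, so any device re-enrolled from the backed-up key produces codes the server accepts. It assumes the app uses standard TOTP (RFC 6238, SHA-1, 30-second steps, six digits), which this page does not state; the names `totp`, `verify`, `restore_demo` and `SAMPLE_KEY` are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per code window (assumed RFC 6238 default)

def totp(key_b32: str, unix_time: int, digits: int = 6) -> str:
    """Derive the temporary password for the window containing unix_time."""
    key = base64.b32decode(key_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(key_b32: str, submitted: str, unix_time: int, drift: int = 1) -> bool:
    """Server-side check: accept the current window plus/minus `drift` windows."""
    ok = False
    for delta in range(-drift, drift + 1):
        when = unix_time + delta * STEP
        if when < 0:
            continue
        # Constant-time comparison; no early exit on the first match.
        ok |= hmac.compare_digest(totp(key_b32, when), submitted)
    return ok

# Constructed sample key: the RFC 6238 test secret, base32-encoded.
SAMPLE_KEY = base64.b32encode(b"12345678901234567890").decode()

def restore_demo(now: int = 59) -> bool:
    """A replacement phone enrolled from the backed-up key is accepted again."""
    original_phone = totp(SAMPLE_KEY, now)
    restored_phone = totp(SAMPLE_KEY.lower(), now)  # key typed back in from a backup
    return original_phone == restored_phone and verify(SAMPLE_KEY, restored_phone, now)

if __name__ == "__main__":
    print(totp(SAMPLE_KEY, 59))  # RFC 6238 vector at T=59, truncated to six digits
    print(restore_demo())
```

The same property cuts the other way: anyone holding a copy of the key can generate valid codes, so the backup needs the same care as the password itself.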

Universal Second Factor
Similar to 2FA, U2F provides a second layer of defense for your account. Instead of a phone app, U2F consists of a physical key-like device that usually plugs into a USB port and cryptographically verifies your identity upon each login. Unlike a 2FA device, a U2F token cannot be hacked or cloned or suffer data loss from a bad update. It is also far less likely to be damaged or stolen. You can purchase a U2F token for around $10-20, and use it to secure many different supported accounts (including Google accounts). Again, like 2FA, staff will not disable U2F protection on any account whose owner has enabled it unless a proper recovery method is set up and used.

PGP Key
PGP keys can be used to prove that you are the owner of your account in the event that you otherwise lose access to it. PGP works by creating a pair of cryptographic keys with the property that anything encrypted with one of them can only be decrypted by the other one. One of these keys is designated as your private key, and should never under any circumstances leave your personal machine or be available to anyone. The other is your public key, and can be put in public for all to see. If you generate a keypair and give us your public key, we (or anyone else) can encrypt something with the key you give us, and only you will be able to decrypt it. We can use this to provide challenges to you that prove you hold the private key. This is the only available method of overriding 2FA or U2F, but you can use it even if you have neither of those enabled.

The above-mentioned advanced security features are available for you to set up here.