World Password Day: Keeping Your Account Secure

Post Header

Published:

2026-05-07 16:17:40 UTC

Translations:

Tags:

AO3 Logo with the words 'AO3 Update'

Today is World Password Day, and we'd like to take this opportunity to remind everyone of some best practices to keep your accounts secure.

Last year, AO3 saw a rise in users who lost access to their AO3 accounts due to reused or insecure passwords that were found in data breaches from other sites. In response, our Policy & Abuse committee alongside our Accessibility, Design, & Technology, and Systems committees took steps to recover, secure, and notify the owners of over 10,000 at-risk accounts.

Over the past year, we released many new features to proactively make AO3 accounts more secure, including:

Automatic confirmation emails notifying you when your username, password, or email has been changed
Adding a verification step to the process for changing the email associated with your account
Notifying you if your current or new password matches a password that was discovered in a data breach from another site
Preventing users from choosing new passwords that are extremely short
Increasing the maximum password length from 40 to 72 characters
Requiring you to provide the email address associated with your account in order to reset your password
Updating the layout and wording of how you change or reset your password

How To Protect Your AO3 Account

The best thing you can do to protect yourself on AO3 and other sites is ensure your passwords are strong, unique, and secure. In general, for both AO3 and elsewhere, we recommend that you:

Regularly check haveibeenpwned.com to see if your emails, passwords, or other information has been exposed in data breaches or whether your passwords have appeared in known data breaches.
Change your passwords for any breached websites and any accounts on other sites where you may have used the same password.
Set a unique, secure password for each and every one of your accounts on all platforms.
Use a password manager. This will help you to set unique, secure passwords for each of your accounts without worrying about forgetting them. Many browsers have a free, built-in password manager if you would prefer to avoid third-party software.
Make sure to check your email regularly. Don't use a temporary, school, or work email for any personal accounts. (If you need to update the email associated with your AO3 account, go to your Preferences page and click on the "Change Email" button in the top right. Follow the instructions on that page to update your email address.)
Keep your antivirus software and operating system up to date, and set them to scan for malware regularly.
Log out when you've finished using devices that others have access to, and don't share your personal devices with other people.
Never reuse passwords or share your passwords with anyone for any reason.

Future Changes

Keeping AO3 safe for all our users is one of our highest priorities. We continue to remain on the lookout for other ways we can help you protect your account.

We encourage you to follow us on our official platforms and sign up for OTW News by Email to keep track of important announcements and updates to AO3. If you're specifically interested in learning about new features, security updates, and bug fixes, we recommend that you pay attention to our release notes.

The Organization for Transformative Works is the non-profit parent organization of multiple projects including Archive of Our Own, Fanlore, Open Doors, OTW Legal Advocacy, and Transformative Works and Cultures. We are a fan-run, donor-supported organization staffed by volunteers. Find out more about us on our website.

Actions

Comments

Sorry, this news post doesn't allow non-Archive users to comment. You can however contact Support with any feedback or questions.

Archive of Our Own

AO3 News

News Post Navigation