Once we enter the account settings, we can see all the options that it allows us to do related to our account and also to security.
Put a strong password
The first thing you should do to keep your account secure is to set a strong password. If when registering you did not put a secure password, then you can change it from the “Account” menu and click on “Change password”, it is necessary that the password has at least 8 characters. To create a strong password, you must have the following:
- Minimum of 12 characters in length.
- Have uppercase, lowercase and numbers.
- It is desirable that it have some symbol to improve security.
Our recommendation is that you use a password manager to generate the password automatically and save it in the password manager itself. Some highly recommended administrators or password managers are:
- Dashlane
- 1Password
- LastPass
- Bitwarden
- Passwarden
We also have password managers in some security suites like Avira or Kaspersky among others, so it’s also a good alternative. For example, Synology has C2 Password which is a key manager with storage in the Cloud, it can also be interesting, especially for NAS users.
You can also use the password managers of the browser itself if it has, or we have installed an extension that performs the password manager function. In the event that you do not want to use the key that the key manager suggests, you can always access password generator websites to configure the key as you want.
Once we have changed the password, you must also change it from the password manager so that it remembers the new one.
Activate two-step authentication
If we want to activate the two-step verification to further protect our reddit account, we must go to the “Security and privacy” section. In this menu we must go all the way down where it says «Use 2-step verification«. Click here to enable it.
We will get a small step-by-step configuration wizard to configure the two-step verification. The first thing we have to do is enter our current password to verify identity, and click on “Confirm”.
Now we will have to download an authenticator application from Google Play or the App Store. Currently there are many authenticator applications, so you should not have many problems choosing one of them, below, we put a list of recommended applications that we use in RedesZone:
- Telefonica Latch
- Google Authenticator
- authy
There are also other applications such as Microsoft’s own, really the operation of all of them is very similar, but the Google Authenticator tokens are stored locally, so if you change your mobile you will lose them if you are not root on the terminal and move these token to the new terminal. For this reason, our recommendation is to use authenticator applications that store this in the cloud, to facilitate the use of them.
Once we have the authenticator application, all we have to do is scan the QR code that reddit will show us, when registering the service it will start generating temporary codes for one use, we will have to enter the 6-digit code that it will show us the application, and click on “Complete configuration”.
Now reddit will confirm that two-step verification is already activated and working. From this moment we will have to log in with our username and password, and later it will ask us for the TOTP code (temporary single-use code) to verify our identity.
When we activate the two-step verification of a service, we have the possibility of using backup codes in case we do not have our smartphone to generate the codes, or we have some kind of problem with the application. If we click on the “Backup codes” hyperlink, it will take us to a menu where we can see several 6-digit codes that replace the TOTP codes generated by our smartphone. These codes must be kept very well in a safe and private place, because with these codes you will be able to log in as if you had the authenticator application.
If we want to obtain the backup codes to keep them safe, we must enter the access password again to verify our identity:
Upon entering we can see the complete list of backup codes, as you can see, we must keep them in a safe place. In case of losing these codes, we can access our account to generate new ones, there is no problem in this regard.
If we go back to the main “Security and privacy” menu, we can already see that the 2-step verification option is perfectly activated. We also have the hyperlink to get the backup codes.
Another security measure that we can take is to go to “manage the authorization of third-party applications”, and that is that we can log in to other services using the reddit account. If we do not use any of these third-party applications, it is advisable to revoke this permission for security.
At this time we will already have our reddit account protected as much as possible, we must bear in mind that the fundamental steps to protect any online account are:
- Choose a good password.
- Turn on 2-step authentication, but don’t use the SMS method because it’s not secure.
- Review third-party applications that have access to our account.
Once we meet all these requirements, then we can rest assured that our digital identity will be secure.