We take account security very seriously. Here are some best practices you can follow to help make sure your account is as secure as it can be.
Activate Two-Factor Authentication (2FA)
Setting up two-factor authentication (2FA) adds a strong layer of security to your account. With 2FA even if someone gets hold of your username and password they won’t be able to access your account.
Each time you log in, you'll get a 6-digit code sent to your authentication app or mobile phone. You'll need this code to complete the sign-in process.
We also recommend setting up 2FA on any accounts that you use together with Ko-fi such as your payment methods and any linked socials.
Use a strong password and a password manager
If your Ko-fi username and password are the same as those you use on other sites, there's a chance a hacker could get your details from a breach on another site and use them to get into your Ko-fi account.
Either use a password unique to Ko-fi or better yet use a password manager. Some browsers have them built in, but there are free tools like LastPass available.
If you’re setting your own password, make sure it’s not identical or similar to passwords you’ve used on other sites. Avoid personal info and real words. Go for numbers, special characters, and upper and lower-case letters.
Look out for Ko-fi emails about changes on your account
We will send you an email if your payment method or login information has changed.
If you don’t recognise the change take immediate action following the advice in this article.
Another tip is to keep a close eye on the transactions you receive. Ko-fi is a direct payments platform, so make sure when you see a payment on Ko-fi, you can see that same transaction in your PayPal or Stripe account.
Take action on suspicious payments
If you notice that you have received a large payment from either a new supporter or from a supporter who doesn’t normally send such a large amount, it may be best to refund this.
Review your Payments History regularly - if you spot any unfamiliar transactions that you didn’t allow, disconnect the relevant payment method immediately and report it to the relevant payment platform (PayPal or Stripe). See how to disconnect a payment method here.
Keep your chat on Ko-fi
Don’t respond to people asking for you to chat on other platforms about ways to make money on Ko-fi. It’s best to keep the chat about your Ko-fi page, products, commissions, etc in Ko-fi Messages if you can.
- Don’t click on URLs that look unsafe - this could be an attempt to trick you into clicking a malicious link (known as ‘phishing’)
- Avoid sharing personal info unless it is necessary e.g. you will need to provide a shipping address if buying a physical item from a Creator.
Remember you can block someone
If you received comments you don’t want to see on your page, just click the ellipsis (…) next to one of these comments. Here, you can choose from the following three options:
- Delete - this simply deletes that specific comment
- Block - this blocks the user
- Block and Delete All - this blocks the user and also deletes all of their comments
You can block specific people from making further payments to you. Head to Account & Billing and find ‘Safety’, find the last transaction relevant to the person you want to block. Choose ‘Limit this person’ to stop them from supporting you again.
Please don’t hesitate to contact us if you have any other worries or questions about the security of your account.