Skip to main content

Keeping Your Account Secure

Your Tavrn account holds your conversations, connections, and community memberships. Here’s how to make sure it stays yours.

The Basics: A Solid Password

It starts here. A good Tavrn password:
  • Is at least 12 characters long (longer is better)
  • Uses a mix of letters, numbers, and symbols
  • Is unique to Tavrn, not used on any other site
  • Is not your pet’s name, birthday, or anything easily guessed
Reusing passwords across sites is dangerous. If one site gets breached and your email + password are exposed, attackers will try that same combination on every major platform. Your Tavrn password should be Tavrn-only.
Use a password manager. Tools like Bitwarden (free), 1Password, or your browser’s built-in password manager generate and remember strong, unique passwords for you. There’s no good reason not to use one in 2024.

Enable Two-Factor Authentication (2FA)

This is the single biggest security upgrade you can make. With 2FA enabled, even if someone gets your password, they still can’t log in without a code from your authenticator app. Tavrn supports TOTP (Time-Based One-Time Password) via authenticator apps like:
  • Aegis (Android, open source, recommended)
  • Google Authenticator (iOS/Android)
  • Authy (iOS/Android)
  • 1Password (has built-in TOTP)
Set up 2FA →

Recognize Phishing Attempts

Phishing = someone pretending to be Tavrn (or another trusted party) to steal your credentials. Common patterns:
  • A DM or message with a link that looks like a Tavrn login page, check the URL carefully
  • “Your account will be suspended unless you verify now”, Tavrn won’t send urgent login demands via DM
  • Links in rooms from users you don’t know with no context
When in doubt:
  • Don’t click the link
  • Go directly to Tavrn by typing the URL yourself
  • Never enter your password on a page you didn’t navigate to directly

Safe Browsing Warnings

Tavrn runs links shared in chat against safety databases. If a link is flagged, you’ll see a warning popup before being redirected. Take those warnings seriously, don’t click through “just to see.”

Suspicious Login Alerts

If someone tries to access your account from a new location or device, you may receive a notification. If you see one of these and it wasn’t you:
  1. Change your password immediately
  2. Enable 2FA if you haven’t already
  3. Log out of all sessions from Settings → My Account

Logging Out of All Devices

If you think your account may be compromised, or you logged in on a shared device and forgot to log out:
  1. Go to Settings → My Account
  2. Find Log Out All Sessions (or equivalent)
  3. Confirm
This forces a sign-out on every device your account is logged into. Anyone currently using your account with your credentials will be kicked out.

Steam Login Security

If you log in with Steam, your Tavrn security is tied to your Steam account security. Make sure your Steam account also has:
  • A strong password
  • Steam Guard / 2FA enabled
A compromised Steam account = a compromised Tavrn account if you use Steam login.

Account Recovery

If you ever lose access to your account: Forgot password?
  1. Click Forgot Password on the login page
  2. Enter your email address
  3. Check your inbox for a reset link
  4. Follow the link and set a new password
Lost access to your 2FA authenticator? This is a trickier situation, contact Tavrn support with proof of account ownership. This is exactly why you should save backup codes when you set up 2FA.

Summary Checklist

1

Use a strong, unique password

Not reused from anywhere else. Stored in a password manager.
2

Enable 2FA

An authenticator app takes 2 minutes to set up and dramatically improves your security.
3

Be skeptical of unexpected links

Especially in DMs from strangers or in rooms. Check URLs carefully.
4

Don't share your credentials

Tavrn staff will never ask for your password in a DM or email.