The most important feature of DF Studio security starts with the user. Exercise caution and be familiar with the following practices for securing access to DF Studio accounts.
Verify the Login Page
Before submitting DF Studio login credentials, confirm that the login page is genuine. An authentic DF Studio login page will always be served over a secure connection (link begins with https://), and all DF Studio sites will have URLs that begin with the format [account].dfstudio.com.
Be alert for attempts to acquire DF Studio credentials through the use fraudulent login pages, which may be distributed via email or other means, using a link that attempts to disguise itself as genuine. When possible, avoid submitting passwords to any website accessed through an email link.
If the authenticity of the login page is uncertain, type https://dfstudio.com into the browser location bar and follow the DF Studio login process from there.
Keep in mind that Messenger links do not require the recipient to log in to a DF Studio account to view the Messenger content. If a DF Studio username or password are requested by a website reached from a Messenger link, contact DF Studio Support or reach out to the Messenger sender for a new Messenger link.
Use Strong Passwords
When creating a DF Studio account password, be sure to select a password that is as strong as possible. The “strength” of a password refers to its resistance to “brute force” attacks, in which an unauthorized individual or software program attempts to guess a password by trying every possible combination of numbers and letters.
For example, the password abcd requires only 456,976 attempts in order to guess every possible four-letter combination, while abcde requires nearly 12 million guesses.
Similarly, the password abcdE requires over 380 million guesses because the attacker will not find a match unless the attempted combinations include both capital and lowercase letters.
To ensure a minimum level of password strength, DF Studio passwords cannot contain a dictionary word, and must consist of eight or more characters, with at least one number or symbol included—this forces attackers to try harder to get an accurate guess. A password with more characters and a wider variety of letters, numbers, and symbols would be even stronger. (For assistance in generating strong, unique passwords, see “Resources” below.)
Avoid Reusing Passwords
Reusing the same password for multiple services or accounts increases the likelihood that the password may fall into the wrong hands, via unauthorized access or malicious means such as “phishing” attacks or data breaches. Use a completely unique password to access DF Studio; this will mitigate the risk of unauthorized access by someone who has recovered the password to another account such as email, social media, etc. (For assistance in generating strong, unique passwords, see “Resources” below.)
Avoid Sharing Passwords
Each DF Studio user should access the account through an individual username and password which should never be shared with other people.
In particular, be aware that DF Studio staff will never ask for a DF Studio password. Passwords are stored using a one-way hash that prevents anyone (including DF Studio staff) from seeing the actual password. DF Studio Support can assist with generating a new password, but cannot access and will not request the password to any DF Studio account. If a password is requested by anyone claiming to offer support, contact DF Studio Support immediately.
Keep Passwords Safe
If the DF Studio account password is not stored securely in a password manager or other application (see “Resources” below), it should be memorized. Avoid writing the password on a sticky note or leaving it anywhere else it could be accessed by an unauthorized passerby.
Contact DF Studio Support
When in doubt, reach out to DF Studio Support with any concerns, or to report any suspicious activity. Early intervention gives the best chance to prevent any unauthorized access, and accounts can be locked or new user authentication credentials created if necessary.
Password managers represent an excellent option to maintain unique and robust passwords for multiple accounts and services, protected by a single password the user must remember to unlock the application. Examples include:
Devising an appropriate password can be simplified with a password generator. These tools automatically create strong passwords with configurable features such as length and available characters. Each of the password managers above offers a free online password generator:
Dedicated cybercriminals attempt to bypass all of the best password security practices by gaining unauthorized access to the data from popular services and online sites and retrieving passwords directly. It can be useful to check important passwords regularly against a list of known data breaches to make sure any passwords that have been compromised are immediately replaced and never used again.
Have I Been Pwned maintains an archive of data breaches and offers a password search tool to determine whether a specific password has been misappropriated.