Security Best Practices

With recent industry-wide increases in personal data breaches, software security vulnerabilities and other malicious activity, it is a good time to remind you about security and privacy measures available to you as a Disqus user. While the Disqus platform has not been directly impacted by these events, we continue to monitor for and detect suspicious activity for purposes such as spamming, spoofing, pattern matching, privacy violations and the like.

Disqus exercises industry best practices and we are continually enhancing our own security measures, as well as cooperating with partners to improve the integrity of the ecosystem as a whole. However, there are measures you can take to enhance the security of web services you may use, including Disqus. Key measures include:
  • Regular changing and strengthening of passwords

  • Never use the same password across multiple websites.

  • Using unique passwords that include a combination of words, numbers, special characters and both upper and lower case letters

  • Use a password manager such as 1Password or Keepass

  • Enable two factor authentication on websites/services that support it including your email account

  • Keeping application and browser software up to date for security patches

  • Exercising healthy skepticism when confronted with any unusual or obfuscated link or email

  • Using new and/or unique email address to register sensitive social accounts

  • Turning locking or private profile settings on for accounts that are at risk of unwanted following

  • Avoiding and reporting websites that appear to violate privacy law and/or terms of service

How to report security vulnerabilities with Disqus

We take the safety and privacy of users very seriously, so if you ever observe suspicious activity across Disqus’ network of communities, we would encourage you to contact us through the appropriate channel — security@disqus.com or privacy@disqus.com — with as much detailed information as possible.

 

Did you find this article helpful?